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THE FEDERAL INFORMATION TECHNOLOGY 
ACQUISITION REFORM ACT’S ROLE IN RE- 
DUCING IT ACQUISITION RISK 


Wednesday, June 10, 2015 

House of Representatives, 

Subcommittee on Information Technology, joint 
WITH THE Subcommittee on Government Operations, 

Committee on Oversight and Government Reform, 

Washington, D.C. 

The subcommittees met, pursuant to call, at 2:41 p.m., in Room 
2154, Rayburn House Office Building, Hon. Will Hurd [chairman of 
the subcommittee] presiding. 

Present from Subcommittee on Information Technology: Rep- 
resentatives Hurd, Walker, Blum, Kelly, Connolly, Duckworth, and 
Lieu. 

Present from Subcommittee on Government Operations: Rep- 
resentatives Meadows, Walberg, Massie, Carter, Maloney, Norton, 
Plaskett and Lynch. 

Mr. Hurd. The Subcommittee on Information Technology and the 
Subcommittee on Government Operations will come to order. And 
without objection, the chair is authorized to declare a recess at any 
time. 

Today we’re going to review GAO’s designation of IT acquisition 
as high risk and highlight how the Federal Information Technology 
Reform Act, FITARA, can reduce IT acquisition risk. 

I represent a district that’s 29 counties, very rural parts of 
Texas, and the urban part. Not once did I mention IT procurement 
on the campaign trail because it wasn’t a sexy topic. And one of 
my first trips out in the district, we were in far west Texas, my 
chief of staff says: What are you going to talk about? And he says: 
IT procurement, and his face goes ashen, but when you tell people 
that the Federal Government spends $80 billion on IT procure- 
ment, and a good majority of that is on legacy systems, they’re 
pretty outraged, and they recognize the need for efficiency. They 
recognize the need to reduce the size and scope of the Federal Gov- 
ernment, and FITARA was a good move in that direction. 

I think many of the folks on this panel were involved in that. I 
know Darrell Issa and Congressman Connolly were instrumental in 
making that happen, and I’m looking forward to working with Con- 
gresswoman Kelly on this important issue and making sure, Mr. 
Scott, you know, you have all the tools you need to do your job. You 
have a tough job. This is — you know, I recognize the difficulty of 
the task, and IT management and acquisition has long been a prob- 

( 1 ) 
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lem for the Federal Government, and we all know that. And I’m 
hopeful that the agency CIOs will in partnership with their C-suite 
agency colleagues, fundamentally transform the way the Federal 
Government manages and buys IT. 

And we cannot afford to be having the same discussion about IT 
management and acquisition in another 20 years. Our fiscal situa- 
tion demands that we take advantage of the opportunities for cost 
savings in IT whether through eliminating duplication, 
transitioning to the cloud and shared services or ensuring agile de- 
velopment. 

I’m particularly interested in how we might define successful 
FITARA implementation and how we best empower the CIOs for 
success. 

I look forward to working with the leadership and members of 
the IT and Government Operations Subcommittees on both sides of 
the aisle and to continue the oversight of FITARA implementation. 
We have to get this right. And I believe this is something that has 
support not only on both sides of the aisle in the House and the 
Senate, in the White House as well. 

And now I would like to recognize Ms. Kelly, our ranking mem- 
ber of the Subcommittee on Information Technology for her opening 
statement. 

Ms. Kelly. Thank you, Mr. Chairman, for holding today’s over- 
sight hearing on the implementation of the Federal Information 
Technology Acquisition Reform Act, bipartisan legislation intended 
to overhaul the Federal Government’s approach to managing its in- 
formation technology resources and save billions of taxpayers’ dol- 
lars. 

I would like to commend Representative Gerry Connolly, the 
ranking member of the Government Operations Subcommittee and 
co-author of this legislation for his continued work on Federal IT 
issues and reforms. I look forward to working with him and other 
members of the committee in conducting effective oversight of the 
implementation of this law across the government. 

FITARA includes a number of government-wide reforms for man- 
aging IT acquisitions and portfolios that will help ensure the Fed- 
eral Government is making wise and efficient investment in IT. 
This committee plays an important oversight role that could in- 
crease transparency and accountability of agency efforts and help 
ensure that the law is effectively implemented. 

In February of this year, the Government Accountability Office 
released its biannual high risk report which added the new high 
risk area, “Improving the management of information technology 
acquisitions and operations.” GAO found that Federal Government 
spends billions of dollars on failed or poorly performing IT invest- 
ments. Effective oversight is a key tool in identifying and reducing 
this kind of wasteful spending. Congress has a duty to conduct 
oversight as well as an obligation to give agencies the tools they 
need to conduct their own oversight. Agencies need more well- 
trained acquisition personnel to effectively oversee complex systems 
and to ensure that the government is a smart and diligent con- 
sumer. FITARA recognizes this need. 

Congress must also ensure that agencies have the resources to 
hire and retain qualified personnel that embrace the added author- 
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ity and additional responsibilities provided to chief information offi- 
cers by this law. Congress, together with administration, should 
pursue ways to retain their expertise, train them in the most cut- 
ting-edge techniques, and support their critical work. 

In April 2015, 0MB released for public comment proposed guid- 
ance on how agencies are to implement FITARA. Today, after solic- 
iting public feedback and conducting numerous outreach sessions 
with stakeholders and experts, 0MB issued its final guidance to 
agencies on the management and oversight of information tech- 
nology resources. 

I want to thank each of the witnesses for testifying today and for 
being here. I look forward to hearing your thoughts on this agency 
implementation, how we can improve the management of Federal 
IT. And I want to thank you again, Mr. Chairman. 

Mr. Hurd. Thank you, Ms. Kelly. 

Mr. Hurd. And now I’d like to recognize Mr. Meadows, chairman 
of the Subcommittee on Government Operations for his opening 
statement. 

Mr. Meadows. Thank you, Mr. Chairman. Thank each of you for 
being here. 

Mr. Chairman, I want to just thank you for taking a topic that, 
as you mentioned, back home in Texas may not have been the 
number one topic for people to talk about. But I can tell you in 
terms of making real impact, this particular issue, under your lead- 
ership and that of Ms. Kelly, will truly transform how we do busi- 
ness. You know, just in the last few days we’ve heard of all kinds 
of taxpayer information, employees, 4 million employees. When we 
start to think about the cyber attacks, that goes hand in glove with 
some of our IT acquisitions. And so I look forward to working with 
you and the ranking member, certainly with 0MB as you work to 
try to streamline what we’re doing and make it more efficient. 

The GAO, you all have done some great work. I’ve read a lot of 
your work as it identifies this. And, Mr. Spires, I understand you 
have you a background with the IRS, and I was troubled to hear 
the other day that they still have aspects of their IT that has either 
COBOL or FORTRAN programming. Now, I shared that with some 
of the people in my office, and I said to give you an idea, those lan- 
guages are older than you are. And so they were languages that 
I was learning when I was in college. And so just the maintenance 
of those kinds of languages and where we’ve come today, it’s unbe- 
lievable that we would still be holding on to our security blanket. 

And indeed when we do that, you know, we don’t want to get rid 
of the old system because everybody’s familiar with it and it’s too 
much trouble to bring in the new system. You guys have heard it 
all, and yet what we find is the attackers. The one thing that may 
have saved us on some of those systems is the language is so old 
they can’t figure it out. But in doing that, we’ve got to make a real 
investment. The chairman mentioned $80 billion. Well, really, we 
know that it’s actually higher than that. And when you look at 
those offline IT acquisitions that are in some of those areas that 
we do not actually openly debate, we know that the figure could be 
well in excess of $100 billion. 

And so as we start to look at this, it is critical from — not only 
from an accountability standpoint but from a procurement stand- 
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point that we actually address this in a real way. And so my com- 
pliment to all of those that have been leading the way. But I look 
forward to serving in a great way under the leadership of you, Mr. 
Chairman, and the ranking member as we move forward. 

And with that I’ll yield back. 

Mr. Hurd. Thank you, Mr. Chairman, and thank you for taking 
me back to my youth when we talked about COBOL as something 
that was super old even when I was a youngster studying computer 
science at Texas A&M University. 

Mr. Hurd. We’re going to recognize Mr. Connolly when he ar- 
rives for an opening statement, but, you know, we’re going to also 
hold the record open for 5 legislative days for any members who 
would like to submit a written statement. 

And we will now recognize our panel of witnesses. I’m pleased to 
welcome Mr. Tony Scott, U.S. Chief Information Officer of the Of- 
fice of E-Government and Information Technology at the Office of 
Management and Budget. And, sir, you have your hands full, sir, 
and I know you’ve been working on in these 4 months that you’ve 
been on the job. 

The Honorable Anne Rung, Administrator for the Office of Fed- 
eral Procurement Policy at the Office of Management and Budget 
as well. Thank you for being here, Ms. Rung. 

Dr. David Powner, Director of IT Management Issues at the U.S. 
Government Accountability Office. 

And Richard Spires, CEO of Resilient Network Systems and 
former Chief Information Officer at the IRS and Department of 
Homeland Security. 

Welcome to you all, and thank you for being here, and pursuant 
to committee rules, all witnesses will be sworn before they testify. 
Please rise and raise your right hands. 

Do you solemnly swear or affirm that the testimony you are 
about to give will be the truth, the whole truth, and nothing but 
the truth? 

Thank you. Please be seated. And let the record reflect the wit- 
nesses answered in the affirmative. 

In order to allow time for discussion, please limit your testimony 
to 5 minutes. Your entire written statement will be part of the 
record. And, again, I think our first testimony is going to be Ms. 
Rung. 


WITNESS STATEMENTS 

STATEMENT OF THE HONORABLE ANNE RUNG 

Ms. Rung. Chairman Hurd, Ranking Member Kelly, Chairman 
Meadows and Ranking Member Connolly, and members of the sub- 
committees, thank you for the opportunity to appear before you 
today to discuss how the acquisition and information technology 
communities are working together to implement FITARA to drive 
greater IT performance. 

As the administrator for Federal procurement policy, I appreciate 
how FITARA will help address some of the complexity of the Fed- 
eral acquisition system which often leads to ineffective and ineffi- 
cient use of taxpayer funds, especially in IT contracting. 
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In December 2014, I established a blueprint to simplify the ac- 
quisition system that I believe will help advance some of FITARA’s 
key provisions such as those calling for maximizing the benefit of 
strategic sourcing, developing government-wide software licenses, 
and expanding workforce training in the use of IT cadres. 

Today I would like to take this opportunity to briefly highlight 
some of the work that the Office of Federal Procurement Policy is 
doing to implement FITARA in partnership with Federal CIO Tony 
Scott and the Federal IT and acquisition community. 

First, FITARA calls for GSA to establish an enterprise-wide soft- 
ware program on behalf of civilian agencies to reduce lifecycle cost 
and improve asset management practices. To implement this sec- 
tion, Tony Scott and I chartered the enterprise-wide software cat- 
egory team to serve as lead for IT software. The team includes rep- 
resentatives from the Office of Management and Budget, GSA, and 
the Department of Defense. The team is tasked with developing 
and implementing a strategic plan to increase the number of enter- 
prise license agreements, recommend policy changes to 0MB to im- 
prove the acquisition of management of software, and monitor 
agency progress. We will then use the existing PortfolioStat process 
to hold agencies accountable for moving to these shared solutions 
as appropriate. 

Also a FITARA provision directs the Federal Acquisition Regu- 
latory Council to implement a preference in the Federal Acquisition 
Regulation for strategically sourced vehicles. The FAR Council has 
opened this case and will issue a rule for public comment later this 
summer. Such a preference will help OFPP raise the visibility of 
these solutions, promote their use, and better leverage the govern- 
ment’s buying power. This rule will complement other strategies 
that OFPP is developing around category management to better 
manage our spend and improve results for the taxpayer. 

Category management is an approach taken from the private sec- 
tor which manages entire categories of common purchases across 
the government and utilizes teams of experts to manage those spe- 
cifics categories. OFPP, DOD, and the General Services Adminis- 
tration have mapped the more than $275 billion of common spend 
into ten super categories, including IT. While we’re moving forward 
aggressively to collect and share information across all 10 cat- 
egories, we’re beginning with our deepest dive in IT. By managing 
IT as a category driving government-wide strategies like moving to 
a single software license for certain areas, we’ll address many of 
the issues of duplications and inefficiencies raised by GAO and this 
committee. 

Finally, as FITARA recognizes, building the skills of our acquisi- 
tion workforce is the single most important way to ensure that the 
government gets what it needs on time and on budget. Working 
with OMB’s Office of E-Government and Information Technology, 
the U.S. Digital Services Team, and the Office of Science and Tech- 
nology Policy, we have taken steps in the last year to drive greater 
IT expertise in our IT acquisition workforce. There is no doubt that 
FITARA will help me and my colleagues drive greater efficiencies 
and effectiveness in IT acquisitions in support of agency mission 
performances. 
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I want to thank you for your thoughtfulness, vision, and hard 
work to make this happen. This work is incredibly complex and re- 
quires commitments from the most senior agency officials to the 
newest members of our acquisition and technology teams, and 
FITARA has really helped to catalyze our efforts. Tony Scott and 
I will continue to work together with our respective councils to 
strengthen and reinforce our efforts to reduce the cost and increase 
the value of our IT acquisitions. 

I appreciate the opportunity to be here today and look forward 
to any questions you might have. 

Mr. Hurd. Thank you, Ms. Rung. And, again, thanks for being 
here. 

[Prepared statement of Ms. Rung follows:] 
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EXECUTIVE OFFICE OF THE PRESIDENT 
OFFICE OF MANAGEMENT AND BUDGET 
WASHINGTON, D.C. 20503 
vvww.vvhitehouse.gov/oinb 


TESTIMONY OF ANNE E. RUNG 
ADMINISTRATOR FOR FEDERAL PROCUREMENT POLICY 
OFFICE OF MANAGEMENT AND BUDGET 
BEFORE THE SUBCOMMITTEES ON 

INFORMATION TECHNOLOGY AND ON GOVERNMENT OPERATIONS OF THE 
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM 
UNITED STATES HOUSE OF REPRESENTATIVES 


June 10, 2015 


Chairman Hurd, Ranking Member Kelly, Chairman Meadows, Ranking Member 
Connolly, and Members of the Subcommittees, thank you for the opportunity to appear before 
you today to discuss how the acquisition and information technology (IT) communities are 
working together to implement the Federal Information Technology Acquisition Reform Act 
(FITARA) in support of more effective agency mission performance. I want to thank you for 
your thoughtfulness, vision and hard work on FITARA to help my colleagues and me drive 
greater efficiencies and effectiveness in IT acquisitions. 

As the Administrator for Federal Procurement Policy, I especially appreciate how 
FITARA will help address some of the complexity of the federal acquisition system, which often 
leads to ineffective and inefficient use of taxpayer funds especially in IT contracting. In 
December 2014, my office established a blueprint' to simplify the acquisition system that will 
help advance some of FITARA’s key provisions, such as those calling for maximizing the 
benefits of strategic sourcing, developing Government-wide software licenses, and expanding 
workforce training and the use of IT cadres. Today, I would like to highlight some of the work 
that the Office of Federal Procurement Policy (OFPP) is doing to implement FITARA in 
partnership with the Federal CIO, Tony Scott, and the Federal IT community in support of these 
important principles. 


' Transforming the Federal Marketplace: Simplifying Federal Procurement to Drive Performance, Drive Innovation, 
and Increase Savings - https://wwiv,vvhileliouse.gQv'sileVdefaull/files'Qnib/procureiiieni/menio/simolifving-federal- 
Drocuremcni-to-imDrove-peiformance-drive-innovalion-increasc-savines.ndf 


1 
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Each year, the Government spends over $80 billion for IT, including common 
commodities - like hardware and software - and complex systems development acquisitions. 
However, the complexity of the Federal contracting process, with its extensive contract 
duplication. Government-unique requirements, and excessively prescriptive contract language, 
can drive up transactions costs, slow the acquisition cycles, and even stifle innovation. In the 
commodity space, contracting officers are not always aware of - or often do not use - existing 
vehicles that could meet their agencies' needs. Even when they award new contracts, they 
generally do not have access to critical prices-paid information, so they risk overpaying for many 
common commodities. Both of these challenges lead to a reduction in the Government’s buying 
power and diminish the Federal Government's market profile. The IT and the acquisition 
communities are working more closely than ever to find opportunities to overcome these 
challenges and provide greater value to the taxpayer, and FITARA will drive better alignment of 
agencies’ IT and acquisition functions. Below are some of the steps we are taking to simplify the 
acquisition process that support key elements of this important legislation. 

Maximizing our Position as the World’s Largest Buyer 

With over 3,300 contracting offices and often thousands of contracts for the same goods 
and services - many with the same vendor - the Federal Government buys like many small, 
separate entities. Our early strategic sourcing efforts helped us save money by reducing unit 
prices, applying effective demand management strategies, and avoiding duplicative 
administrative costs, and we have saved $467 million since 201 0 as a result of these initiatives. 
Now, we are taking these important first steps even further through implementation of category 
management (CM), an approach successfully used widely in the private sector and by other 
governments, and builds on the success of strategic sourcing by managing entire categories of 
common purchases across the Government and utilizing teams of experts to manage those 
specific categories. By bringing common spend under management (SUM) through the 
collection and analysis of prices paid and other key performance information, agencies will be 
better positioned to get the same competitive prices and performance quality that their colleagues 
in other agencies are getting. Strategic sourcing will continue under CM, and will be one of the 
many tools that a category team can use to drive down total cost and improve performance. 


2 
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OFPP and the General Services Administration (GSA) have mapped the more than $275 
billion of common spend into ten super categories, such as IT, transportation, and professional 
services, and are doing our deepest dive in IT. The Category Management Leadership Council 
(CMLC), which includes the Chief Acquisition Officers and Chief Information Officers from the 
largest agencies, is helping us prioritize our FITARA implementation and other IT improvement 
efforts. For example, we are: 

• Developing more Government-wide software license agreements - The Government 
spends about $5.5 billion on IT software, and although a majority of this spend flows 
through two major avenues - the GSA Schedules and NASA SEWP contract - there are 
over 41,000 transactions with an average spend per transaction of $126,000, which 
suggests a largely inefficient and fragmented system. Further exacerbating the problem 
is that agencies buy and manage their licenses in a decentralized manner, are challenged 
to get accurate inventories of existing licenses, often purchase bundled software packages 
that are underutilized, and do not share pricing and/or terms and conditions to allow for 
better purchasing. FITARA^ addressed these challenges directly, and called for GSA to 
establish an enterprise software program on behalf of civilian agencies to reduce life 
cycle cost and improve asset management practices. 

To implement this section, CIO Tony Scott and I chartered the Enterprise Software 
Category Team (ESCT) to serve as the category management lead for IT software; the 
team includes representatives from the Office of Management and Budget (0MB), GSA, 
and the Department of Defense. The ESCT is tasked with developing and implementing 
a strategic plan to increase the number of enterprise license agreements, recommending 
policy changes to OMB to improve the acquisition and management of software, and 
monitoring agency progress. We will then use the existing PortfolioStat process to hold 
agencies accountable for moving to these shared solutions, as appropriate. 

• Establishing a preference for leveraged acquisitions - The FITARA provision^ for 
establishing a preference in the Federal Acquisition Regulation (FAR) for strategically 

^ Section 837 of the National Defense Authorization Act (NDAA) for Fiscal Year 2015 
’ Section 836 of the NDAA for Fiscal Year 2015 
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sourced vehicles will help OFPP raise the visibility of these solutions, promote their use, 
and better leverage the Government’s buying power. Later this summer, the Federal 
Acquisition Regulatory Council will issue a rule to implement this preference for public 
comment. This rule will complement other strategies that OFPP is developing with the 
CMLC to better manage our spend and improve results for the taxpayer. 

• Measuring our progress - The CMLC recently approved new Cross Agency Priority 
Goals for Category Management; the new goals will be announced publicly soon. One of 
the key metrics to measuring success of CM is increasing SUM through better 
interagency collaboration and understanding of user requirements, market dynamics and 
purchasing patterns. 

Giving our Workforce the Tools to Drive Innovation 

Building the skills of our acquisition workforce is the single most important way to 
ensure that the Government gets what it needs on time, and within budget, and we were pleased 
to see this principle reflected in FITARA. With agencies facing increasingly complex 
requirements each year, however, the federal acquisition professionals need new tools and new 
training to help them get their work done more efficiently and effectively. Working with OMB’s 
Office of E-Government and Information Technology, the U.S. Digital Service, and the Office of 
Science and Technology Policy, we have taken bold steps in the last year to drive innovation in 
the workforce, and FITARA will drive us to take additional steps to better support our 
workforce. Examples include: 

• Promoting the use of IT cadres - FITARA codifies several of our existing efforts to 
improve IT acquisition, such as OFPP’s July 201 1 guidance for building specialized IT 
acquisition cadres'* and the December 2013 introduction of IT specialization for the 
civilian agency Project and Program Manager certification’. According to the civilian 
agency Acquisition Human Capital Plans received in April 2015, about half of the CFO 
Act civilian agencies have already implemented some form of IT acquisition cadres and 

hups:/; WWW. v-hitehouse-ii:ov'.site-';:derauit'files.^omb''procuremenPmemo/iniidaiice-for-speciiiiized-acauisilion- 
cadres.pdf 

^ jlLtps://www.\vhitehouse.i»ov-'sites.'default/riles-onib.'prQCurement.*menio.dac-pDm-re\'ised-dec-20!3.pdf 

4 
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many others are either planning to do so or have implemented other strategies to improve 
IT acquisition. 

• Developing Certified Digital IT Acquisition Specialists - OFPP and the U.S. Digital 
Service are working with industry to develop and pilot the Government’s first cadre of 
certified digital IT acquisition specialists. The contracting professionals who complete 
the program will be assigned to agency digital services teams to further develop these 
skills within their agencies. 

• Creating Tools - To ensure our workforce has the tools it needs, we issued the TechFAR 
Handbook last summer to help agencies leverage existing regulatory flexibilities to 
acquire development services using strategies in the Digital Services Playbook, such as 
agile software development, that are routinely used in the private sector to successfully 
deliver digital services. More recently, we launched a new podcast series, “Behind the 
Buy,” where procurement and program offices can hear how their colleagues have used 
agile and other strategies in the Digital Services Playbook and TechFAR Handbook to 
meet everyday needs, such as for web management systems, software application 
platforms, and cloud services. 

This work is complex and requires commitment from the most senior agency officials to 
the newest members of their acquisition and technology teams, and FITARA has helped to 
catalyze our efforts significantly. Tony Scott and 1 will continue to work together with our 
respective councils to strengthen and reinforce our efforts to reduce the cost and increase the 
value of our IT acquisitions. 

I appreciate the opportunity to be here today, and look forward to any questions you 
might have. 


5 
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Mr. Hurd. Mr. Scott, over to you for 5 minutes. 

STATEMENT OF TONY SCOTT 

Mr. Scott. Thank you, Chairman Hurd, Ranking Member Kelly, 
Chairman Meadows, Ranking Member Connolly, and members of 
the subcommittees. Thank you for your bipartisan work in passing 
the first major overhaul of Federal information technology in al- 
most 20 years. Overseeing government-wide implementation of 
FITARA is one of my top priorities. 

FITARA, as you know, strengthens key IT reform initiatives to 
improve efficiency, effectiveness, and security of Federal agency 
programs and operations by codifying PortfolioStat, TechStat, and 
our data center initiatives. Since 2012 the Federal Government has 
achieved over $3 billion in cost savings and avoidance and count- 
less other improvements as a result of these reform efforts. But de- 
spite these successes, major changes are needed to achieve the full 
potential of IT in the Federal Government. I learned in the private 
sector that a strong foundation of visibility into IT spending, part- 
nerships with program leaders, and a solid understanding of IT’s 
critical role in achieving mission outcomes is crucial for effectively 
managing technology in any enterprise. 

A core part of my team’s work will be to build this new founda- 
tion by implementing FITARA in a way that’s workable and con- 
sistent. And today I’m pleased to tell you that we’ve released our 
FITARA implementation guidance. I would like to provide you with 
a brief overview of the development process, key components, and 
implementation plans related to our guidance. 

First, our FITARA guidance is the result of extensive outreach 
and collaboration conducted over the past several months, mir- 
roring the collaborative process used to develop the law itself My 
team and I met several times — multiple times with a diverse set 
of public and private sector stakeholders, and also provided for gen- 
eral public feedback to bring transparency to Federal policymaking 
and to reach a broad audience. 

Our guidance takes major steps in ensuring CIOs have a seat at 
the table for technology-related budget, procurement, and work- 
force matters. And the backbone of our guidance is the common 
baseline which outlines roles and responsibilities for CIOs and 
other senior agency officials. More importantly, it establishes the 
groundwork for productive partnerships among these leaders to 
make IT decisions that best support missions. 

And, finally, it positions CIOs so they can be held accountable for 
how effectively they manage the full life cycle of IT-related prod- 
ucts, services, and customer and citizens outcomes, and achieve ef- 
ficient, effective, and secure programs and operations. 

Because agencies operate in unique environments, our guidance 
provides for a CIO assignment plan to give agency CIOs the flexi- 
bility to meet the baseline in a manner that’s tailored to their orga- 
nization. This allows CIOs to designate other officials to act as 
their representative in aspects of the common baseline in a rules- 
based manner if approved by 0MB. The common baseline in the 
CIO assignment plan allows CIOs to retain oversight and account- 
ability while minimizing bottlenecks. 
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And as discussed in the guidance, we will utilize PortfolioStat 
processes to hold agencies accountable for their implementation of 
our FITARA guidance. This guidance also details a number of other 
important components such as tools to enhance security, account- 
ability, data center optimization, and our Federal technology pro- 
curement process. I’m certain that our guidance will have signifi- 
cant positive effects throughout government, including helping to 
address issues called out by GAO over the years, and most recently 
GAO’s high risk list entry regarding improving the management of 
information technology acquisitions and operations. 

In addition to the PortfolioStat sessions, 0MB, through its policy 
and oversight role, is committed to working with agencies in their 
implementation of this guidance by number one, evaluating agency 
self-assessment and implementation plans; number two, requiring 
agencies to post their approved plans publicly, enabling consistent 
0MB, legislative, and public oversight; and, third, by engaging 
with the President’s management council, the CIO council, and the 
FITARA executive working group to facilitate implementation and 
knowledge sharing. 

I also look forward to working with Congress to ensure consistent 
oversight and implementation of our guidance in the law. 

I thank the subcommittees for holding this hearing and for your 
commitment to ensuring successful implementation of FITARA. 
And I would be pleased to answer any questions you may have. 

Mr. Hurd. Thank you, Mr. Scott. 

[Prepared statement of Mr. Scott follows:] 
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June 10, 2015 

Chairman Hurd, Ranking Member Kelly, Chairman Meadows, Ranking Member Connolly, and 
Members of the Subcommittees, thank you for the opportunity to appear before you today, and 
thank you for your bipartisan work in passing the first major overhaul of Federal information 
technology (IT) in almost 20 years. As some of you may know, I began my role as Federal Chief 
Information Officer (CIO) just over four months ago. Since then, 1 have come to appreciate both 
the complexity of Federal IT as well as the unprecedented opportunity for technology to 
accelerate the quality and timeliness of services delivered to the American people. Overseeing 
the government-wide implementation of the Federal Information Technology Acquisition 
Reform Act (FITARA) is one of my top priorities and is key to ensuring that agencies are able to 
leverage technology in carrying out their missions efficiently and effectively. 

As the Federal CIO, I work with Congress, agencies, and industry to advance Federal IT by 
focusing on four objectives: (1) driving value in Federal IT investments, (2) delivering world- 
class digital services, (3) protecting Federal IT assets and information, and (4) developing the 
next generation IT workforce. We recently added this last objective, partly in response to 
FITARA’s strengthened CIO role and the need to align IT professionals across each agency to 
support collective goals and mission outcomes. FITARA enables the achievement of these 
objectives by providing agency CIOs with the authorities and visibility needed to manage IT 
across an agency and by setting the expectation that these CIOs will work in partnership with 
other agency leaders. 
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FITARA also strengthens key IT reform initiatives that improve the efficiency and effectiveness 
of Federal agency programs and operations by codifying PortfolioStat, TechStat, and our data 
center optimization activities, among others. Since 2012, the Federal government has achieved 
over $3 billion in cost savings and avoidance as a result of these reform efforts. In fact, we 
recently reached a significant milestone by hitting our targeted savings of $2,5 billion from 
PortfolioStat alone. 

Despite these successes, ray past experience has taught me that, without a strong foundation, it is 
difficult for initiatives to fully take root throughout an organization. My time as a CIO in the 
private sector taught me the importance of having visibility into IT spending, forging strong 
partnerships with program leaders, and having a solid understanding of the critical role that IT 
plays in serving the organizations’ mission. This critical foundation does not exist consistently 
throughout the Federal Government, and we have seen agencies struggle with implementation of 
IT projects that lack close coordination between the CIO and other agency leaders. A core part of 
my team’s work going forward will be to build this new foundation for effective management of 
technology through &11 implementation of FITARA in a way that is workable, collaborative, 
effective, and consistent. Today, 1 am pleased to be releasing in conjunction with this hearing our 
final FITARA implementation guidance — Management and Oversiglit of Information 
Technology Resources. 


Outreach 

Our FITARA implementation guidance is the result of extensive outreach and collaboration 
conducted over the past several months, mirroring the collaborative, bipartisan nature of the 
legislation itself. My team and I met with stakeholders from within and outside the Federal 
government to discuss best methods of implementation by: 

• Holding meetings with the President’s Management Council (PMC), the CIO Council, 
and reaching out to the other executive councils, including the Chief Acquisition Officers 
Council, Chief Finance Officers Council, and Chief Human Capital Officers Council to 
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provide an ovemew of FITARA and seek recommendations in areas where additional 
guidance could be beneficial; 

• Establishing a FITARA Executive Working group composed of senior agency executives 
across management domains, as well as consulting with staff from across agencies; 

• Hosting a series of informational meetings and teleconferences with non-governmental 
groups and private-sector experts; and 

• Circulating draft guidance for government-wide interagency comment. 

In addition, to advance the collaborative nature of our policy development process, we released 
the proposed guidance for public feedback on the open source platform GitHub to provide 
transparency in Federal policymaking and to reach a broad audience to solicit ideas on ftirther 
enhancing the policy. 

Key Elements of Guidance 

Our guidance takes major steps toward ensuring agency CIOs have significant involvement in 
teclmology-related budget, procurement, and workforce matters and provides details on how we 
will implement and provide further guidance on a number of 0MB initiatives that were codified 
in FITARA. 

The backbone of our guidance is the “Common Baseline,” which provides direction on the CIO’s 
and other Senior Agency Officials’ roles and responsibilities for the management of IT. More 
importantly, it creates a foundation for lasting partnerships among CIOs, CXOs, and program 
leaders to make budget and procurement decisions that best support agency missions. It also 
takes major steps toward positioning CIOs so that they can be held accountable for how 
effectively they manage the full lifecycle of IT products and services used by their agencies and 
how well their agencies use modem digital approaches, including incremental development, to 
achieve the objectives of efficient, effective, and secure programs and operations. 

Because agencies operate in unique environments, our guidance provides for a “CIO Assignment 
Plan” to give agency CIOs the flexibility to meet the Common Baseline requirements in a 
manner tailored to the work and structure of the organization. This approach allows agency CIOs 
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to designate other agency officials to act as their representative in certain aspects of the Common 
Baseline in a rules-based manner, such as by dollar threshold or existing legal requirements, as 
long as the plan is reviewed and approved by OMB. We believe that this combination of a 
Common Baseline coupled with a flexible CIO Assignment Plan allows for agency CIOs to 
retain oversight and accountability while minimizing the chance for bottlenecks. 

As discussed in the guidance, we will utilize the PortfolioStat process to provide feedback and 
hold agencies accountable for their implementation of the law and Common Baseline. In 
addition, we will continue to use PortfolioStat to ensure efficient, effective, and secure systems 
and operations across the Federal IT portfolio, as mandated by FITARA. Data center 
optimization will remain a key component of PortfolioStat, and my office is currently developing 
a revised data center policy that encompasses the requirements of FITARA and offers a fresh 
vision for the initiative. Our FITARA implementation will also result in enhanced efficiencies in 
Federal technology procurements by strengthening the Federal Strategic Sourcing Initiative and 
requiring government-wide enterprise software licenses as part of category management. Finally, 
our guidance provides for the CIO visibility and involvement necessary for the consistent 
application of appropriate cybersecurity controls across an agency. 

Implementation 

OMB, through its policy and oversight role, is committed to working with agencies in their 
implementation of this guidance. We will do this by: 

• Evaluating Agency Self-Assessment and Implementation Plans. Agencies are required 
by our guidance to submit to OMB by August a self-assessment describing how their 
agency currently operates compared to the Common Baseline, as well as an 
implementation plan describing what actions the agency will take to ensure that all 
Common Baseline requirements are implemented by the end of the year. Agencies must 
update their implementation plans at least once per year starting in April 2016. 

• Public Posting of Agency Plans. Agencies must post their OMB-approved plans on their 
public website, enabling OMB, Congress, and the U.S. Government Accountability 
Office (GAO) to conduct consistent oversight and follow-up. OMB will make this 
available at a central location. 


4 



18 


Embargoed until Delivered 

• Conducting PortfolioStat Oversight. OMB will include a review of agency progress 
and dedicate time to discussing obstacles and successes during quarterly PortfolioStat 
sessions. 

• Engaging with Partners. OMB will engage the PMC, CIO Council, and FITARA 
Executive Working Group to facilitate implementation and knowledge sharing across 
government. 

• Following Up on GAO Recommendations. My office will work with agencies to ensure 
that steps are being taken to close the numerous GAO recommendations that can be 
remedied through FITARA implementation, which will help address the GAO High Risk 
entry on Improving the Management of Information Technology Acquisitions and 
Operations. 

In addition to these actions, I look forward to working closely with Congress to ensure consistent 
oversight and implementation of FITARA and OMB’s guidance. 

I thank the Subcommittees for holding this hearing, and for your commitment to ensuring 
successful implementation of FITARA. I would be pleased to answer any questions you may 
have. 
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Mr. Hurd. Mr. Powner, 5 minutes. 

STATEMENT OF DAVID A. POWNER 

Mr. Powner. Chairmen Hurd, Meadows, Ranking Members Kelly 
and Connolly, and members of the subcommittees, we appreciate 
the opportunity to testify this afternoon on our recent addition of 
IT acquisitions and operations to GAO’s high risk list. 

The Federal Government has wasted billions of dollars over the 
years on failed IT acquisitions. In addition to these acquisition 
challenges, operational systems are fraught with duplication and 
inefficiencies. I’d like to thank this committee for its excellent work 
and persistence on getting FITARA passed. If implemented effec- 
tively by 0MB and the agencies, FITARA will greatly improve IT 
acquisitions and operations. However, strong congressional over- 
sight is needed to make this happen. 

This afternoon I’d like to discuss five specific areas that need to 
be addressed, starting with two that are associated with oper- 
ational systems. As my written statement shows, we spend nearly 
75 percent of the IT dollars on operational or legacy systems, leav- 
ing far too little to modernize the Federal Government. So we need 
to find ways to shift these dollars towards acquiring new tech- 
nologies to further mission performance. 

The first is data center consolidation, where there is at least $7.5 
billion on the table. Agencies to date have made solid progress clos- 
ing over 1,200 of the 9,700 centers and saving about $2 billion. The 
plan is to close an additional 2,600 centers and save an additional 
$5.5 billion. We think these savings can be higher because when 
we last looked at this, we saw good progress from agencies like 
DOD, DHS and Treasury, but six agencies reported significant clo- 
sures without much in associated savings, and we recommended 
that they take a look at this. 

These agencies are GSA, HHS, Interior, Justice, Labor, and 
NASA. FITARA requires agencies to report on these cost savings 
annually, and this should be a major oversight area for the Con- 
gress. 

The second area is PortfolioStat, an excellent initiative to elimi- 
nate duplicative systems. The Federal Government has hundreds of 
financial management and human resource systems, for example, 
where $2, $3 billion are spent annually in each of these areas. 
Agencies initially identified over 200 initiatives to eliminate dupli- 
cation, and the plan was to save $6 billion. In April we reported 
that planned savings were down from this original estimate and 
that the estimates were inconsistent with congressional reporting 
and did not follow 0MB guidance. 0MB needs to ensure that 
PortfolioStat savings are complete, especially since FITARA re- 
quires congressional reporting on this. 

Now, turning to systems acquisitions. Too often we hear of failed 
projects like DOD’s ECSS project where $1 billion was wasted. 
There are three major areas where improvements would greatly 
help the Federal Government’s delivery track record. These are, 
better planning, transparency, and oversight. 

Starting with planning. Agencies need to go small and take an 
incremental approach to systems delivery. OMB’s policy of requir- 



20 


ing major investments to deliver in 6 months is simply not enforced 
consistently, and less than half of the IT acquisitions are planning 
to deliver within 6 months. FITARA requires that CIOs certify that 
IT investments are using this incremental approach. Again, con- 
gressional oversight in this area is also needed to ensure that the 
incremental certification does occur. 

Transparency. Of the 700 major investments reported on the IT 
dashboard, about 180 or roughly one-quarter are desimated as 
moderate or high risk. These 180 projects total about $9 billion. 
Many agencies have accurate information on the dashboard and 
use that information to tackle troubled projects. For example, HHS, 
DHS, Commerce, and Interior acknowledge that many projects and 
dollars are at risk. And we believe that this is a good sign so that 
appropriate attention can be given to these risky projects. Others 
do not have accurate information on the dashboard. 

In addition to questioning CIOs on the accuracy of these ratings, 
this committee also needs to push 0MB to make these ratings 
available throughout the year. Again, this year the dashboard rat- 
ings were frozen from August 2015 through March during budget 
deliberations. This simply needs to stop so that there is constant 
investment transparency. We learned just last week that 0MB has 
plans to address this. 

The final area is oversight. 0MB and agencies need to hold exec- 
utive governance reviews of troubled projects so that course correc- 
tion can occur. And when needed, poorly performing projects need 
to be stopped, and those in charge need to be held accountable. 
These occurred frequently right after the dashboard went live with 
OMB’s TechStat sessions with great results. Several under-per- 
forming projects were corrected, descoped, and several were even 
halted. 

In summary, by tackling duplicative IT systems and consoli- 
dating data centers, upwards of $10 billion can be saved. And on 
acquisitions, agencies need to go small, be more transparent on 
project status, and aggressively oversee the projects at risk. 

This concludes my statement and I would be pleased to answer 
questions. 

Mr. Hurd. Thank you, sir. 

[Prepared statement of Mr. Powner follows:] 
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Highlights 

Highlights of GAO-15-675T, a testimony 
before the Subcommittees on Government 
Operations and information Tecrfwology, 
Committee on Overeighl and Government 
Reform, House of Representatives 


Why GAO Did This Study 

The federal government invests more 
tttan $8& billion annually in IT. 

However^ tttese investments frequency 
fail, inoir cost overruns and schedule 
^ippages, contribute little to 
mission-related outcomes. 11118 
undeiperfomianM of federal IT 
projects can be traced to a lack of 
disdpiined and effective management 
and inadequate executive-level 
ovei^ght. /^awdingly, in February 
2015, GAO added improving the 
management of IT acquisitions and 
operations to its high-risk list— a list of 
agencies and program areas that are 
h^h risk due to tiieir vulnerabilities to 
fraud, vmste, abuse, and 
mismanagement, or are most in need 
of transformation. 

GAO was asked to testify on its 
designation of the management of IT 
acquisitions and operations as a 
federal high-risk area and the impact of 
recwt legislation on IT acquisition 
reform, in preparing this statement, 
GAO reiled ori its previously published 
wodt In thi^ areas. 

What GAO Recommends 

From October 2009 through December 

2014, GAO made 737 
recommendations tb 0M6 and 
agencies to improve the management 
and oversight of IT. As of January 

2015, only abmit 23 percent of these 
hadtreen folly implerhented; 


View GAO-15-675T. For more infomiaWon. 
contact David A. Powner at {202} 512-9286 or 
pownenJ@gao.gov, Carol Cha at (202) 512- 
4456 or chac@gao.gov. or Vaterie Melvin at . 
{202) 512-6304 or meivinv@gao.gov. 


INFORMATION TECHNOLOGY 

Additional Actions and Oversight Urgentiy Needed to 
Reduce Waste and Improve Performance in 
Acquisitions and Operations 


What GAO Found 

Federal investments in information technology (IT) have often resulted in 
muitimiiiion dollar cost overruns and years-tong schedule delays, with 
questionable mission-related achievements. Further, the implementation of 
initiatives to improve IT acquisitions has been inconsistent For example, the 
Office of Management and Budget (0MB) established a process for holding fece- 
to-face investment performance reviews between agencies and 0MB (referred to 
as “TechStats"). However, as of 201 3 less than 20 percent of at-risk investments 
across the government had undergone such reviews, even though GAO has 
identified a number of ongoing IT investments with significant issues that require 
attention. 0MB also requires investments to deliver capabilities every 6 months, 
but as GAO reported in 2014, less than half of selected investments at five major 
agencies planned to deliver capabilities in 12-month cycles. 

To facilitate transparency across the government in acquiring and managing IT 
investments, 0M8 established a public website — the IT Dashboard — to provide 
detailed information on major investments at federal agencies. As of May 201 5, 
the Dashboard showed that 178 of the government's 738 major Investments — 
totaling $8.7 billion— were in need of management attention due to their risk. 
Moreover. 0MB does not update the public version of the Dashboard while the 
President’s budget request is being formulated, most recently for more than 6 
months. GAO has made multiple recommendations to improve the Dashboard. 

Further opportunities for savings and efficiency exist in agencies’ spending on 
■‘commodify” IT (e.g.. IT infrastructure, enterprise systems such as e-mail, and 
systems that perform administrative functions) and the consolidation of federal 
data centers. The table below shows savings realized or planned from the 
consolidation of federal data centers. 


Estimated, Actual, or 

Planned Savinos from Data Center Consolidation (Dollars In Millions) 


Estimated/Actuai 

Planned 



Fiscal year 

2011 2012 2013 

2014 2015 2016 2017 

Beyond 

2017 

Total 

Total savings and 
avoidances 

$192 $268 $683 

$895 $1,250 $917 $1,144 

$2,100 

$7,449 


$1,143 total 

$6,306 total 




SouTM. GAO or aqency data | GAO-15.«7ST 


However, limitations exist in how agencies report savings in these areas: better 
tracking them would provide for greater transparency and oversight. 

Recognizing the importance of these issues, a law was recently enacted aimed 
at reforming federal IT acquisition. This legislation should help address the key 
issue areas identified in GAO's high-risk designation. 0MB has released 
proposed guidance for agencies to implement provisions of this law, to include 
implementing roles and responsibilities for senior agency officials. To improve the 
management of IT acquisitions and operations, it is also critical for agencies to 
implement GAO’s prior recommendations and demonstrate measurable 
government-wide progress in key areas such as delivering IT systems 
incrementally and realizing planned data center savings. 


United States Government Accountability Office 
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Chairmen Hurd and Meadows, Ranking Members Kelly and Connolly, 
and Members of the Subcommittees; 

i am pleased to be here today to discuss our recent designation of 
information technology (IT) acquisitions and operations as a government- 
wide high-risk area, as well as the impact of recently enacted federal IT 
acquisition reform legislation (commonly referred to as the Federal 
Information Technology Acquisition Reform Act or FITARA).’ As you 
know, the effective and efficient acquisition and management of IT 
investments has been a long-standing challenge in the federal 
government. 

The federal government has spent billions of dollars on failed and poorly 
performing IT investments, which often suffered from ineffective 
management, and spending on IT operations is inefficient. From October 
2009 through December 2014, we made 737 recommendations to 
address weaknesses in agencies’ IT management. In tight of these 
ongoing challenges, we recently added improving the management of IT 
acquisitions and operations to our list of high-risk areas for the federal 
government.^ 

My statement today will discuss this high-risk designation, as well as 
plans for implementing FITARA and those plans' impact on IT acquisition 
reform. We conducted the work on which this statement Is based in 
accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. A more detailed discussion of 
the objectives, scope, and methodology of this work is included in each of 
the reports on which this testimony is based.® 


Federal Information Technology Reform provisions of the Carl Levin and Howard P. 
’Buck' McKeon National Defense Authorization Act for Fiscal Year 201 5, Pub, L. No. 1 1 3- 
291, div. A, title VIII, subtitle D, 128 Stat. 3292, 3438-3450 (Dec. 19, 2014). 

^GAO, High-Risk Series: An Update. GAO-15-290 (Washington, D.C.: Feb, 11, 2015). 

®See the related GAO products page at the end of this statement for a list of the reports 
on which this testimony Is based. 


GAO-1 5-675T 
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Background 


The federal government invests more than $80 billion annually in IT. but 
many of these investments fail to meet cost and schedule expectations or 
make significant contributions to mission-related outcomes. We have 
previously testified that the federal government has spent billions of 
dollars on failed (T investments, such as 

• the Department of Defense's (DOD) Expeditionary Combat Support 
System, Nwhich was canceled in December 2012, after spending more 
than a billion dollars and failing to deploy within 5 years of initially 
obligating funds; 

• the Department of Homeland Security’s Secure Border initiative 
Network program, which was ended in January 201 1 , after the 
department obligated more than $1 billion to the program, because it 
did not meet cost-effectiveness and viability standards; 

• the Department of Veterans Affairs’ (VA) Financial and Logistics 
Integrated Technology Enterprise program, which was intended to be 
delivered by 2014 at a total estimated cost of $609 million, but was 
terminated in October 2011 due to challenges in managing the 
program; 

• the Office of Personnel Management's Retirement Systems 
Modernization program, which was canceled in February 2011, after 
spending approximately $231 million on the agency’s third attempt to 
automate the processing of federal employee retirement claims; 

• the National Oceanic and Atmospheric Administration, DOD, and the 
National Aeronautics and Space Administration’s National Polar- 
orbiting Operational Environmental Satellite System, which was a tri- 
agency weather satellite program that the White House Office of 
Science and Technology stopped in February 2010 after the program 
spent 16 years and almost $5 billion; and 

• the VA Scheduling Replacement Project, which was terminated in 
September 2009 after spending an estimated $127 million over 9 
years. 

These and other failed IT projects often suffered from a lack of disciplined 
and effective management, such as project planning, requirements 
definition, and program oversight and governance. In many Instances, 
agencies have not consistently applied best practices that are critical to 
successfully acquiring IT investments. 


GA0-15-675T 
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Federal IT projects have also failed due to a lack of oversight and 
governance. Executive-level governance and oversight across the 
government has often been ineffective, specifically from chief information 
officers (CIO). For example, we have reported that not all CIOs have the 
authority to review and approve the entire agency IT portfolio and that 
CIOs’ authority was limited. This has also been highlighted by 
Congress — the recently enacted law reforming federal IT acquisition is 
intended to, among other things, strengthen CIO authority and provide the 
oversight IT projects need.® 


Improving the 
Management of IT 
Acquisitions and 
Operations 


Although the executive branch has undertaken numerous initiatives to 
better manage the more than $80 billion that is annually invested in IT, 
federal IT investments too frequently fail or incur cost overruns and 
schedule slippages, while contributing little to mission-related outcomes. 
In light of these challenges, we recently introduced a new government- 
wide high-risk area. Improving the Management of IT Acquisitions and 
Operations. This area highlights several critical IT initiatives in need of 
additional congressional oversight, including reviews of troubled projects, 
an emphasis on incremental development, a key transparency website, 
reviews of agencies’ operational investments, and efforts to streamline 
agencies’ portfolios of IT investments. Implementation of these initiatives 
has been inconsistent, and more work remains to demonstrate progress 
in achieving IT acquisition outcomes. The recent IT reform legislation 
holds promise for improving agencies’ acquisition of IT, and the Office of 
Management and Budget (0MB) is developing guidance for agencies to 
implement its provisions. Implementing these provisions, along with our 
outstanding recommendations, is necessary for agencies to demonstrate 
progress in addressing this high-risk area. 


Reviews of TroubiBd in January 2010, the Federal CIO began leading TechStat sessions — 

Projects face-to-face meetings to terminate or turn around IT investments that are 

failing or are not producing results. These meetings involve 0MB and 
agency leadership and are intended to increase accountability and 
transparency and improve performance, 0MB reported that federal 


^GAO, Federal Chief Infonvation Officers,- Opportunities Exist to Irrrprove Role in 
Information Technology Management, GAO-11-634 (Washington. D.C,; Sept. 15. 2011). 

®Pub. L, No. 113-291, Div. A. title VIII. subtitle D, § 831(a) (Dec. 19. 2014). 
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agencies achieved over $3 billion in cost savings or avoidances as a 
result of these sessions In 2010. Subsequently, 0MB empowered agency 
CIOs to hold their own TechStat sessions within their respective 
agencies. 

We have since reported that 0MB and selected agencies held multiple 
TechStats, but additional 0MB oversight was needed to ensure that these 
meetings were having the appropriate impact on underperforming 
projects and that resulting cost savings were valid.® Specifically, 0MB 
reported conducting TechStats at 23 federal agencies covering 55 
investments, 30 of which were considered medium or high risk at the time 
of the TechStat. However, these reviews accounted for less than 20 
percent of medium- or high-risk investments government-wide. As of 
August 2012, there were 162 such at-risk investments across the 
government. Further, we reviewed four selected agencies and found they 
had held TechStats on 28 investments. While these reviews were 
generally conducted in accordance with 0MB guidance, areas for 
improvement existed. We concluded that until 0MB and agencies 
develop plans to address these investments, the investments would likely 
remain at risk. Among other things, we recommended that 0MB require 
agencies to address high-risk investments. 0MB generally agreed with 
this recommendation. 

However, over the last 2 years, 0MB has not conducted any TechStat 
reviews. In particular, as of March 2015, the last TechStat was held In 
March 2013 and 0MB has not listed any savings from TechStats in any of 
its required quarterly reporting to Congress since June 2012. 

Highlighting the importance of focusing more oversight on high-risk 
initiatives, in our most recent high-risk report we identified a number of 
ongoing Investments with significant issues requiring attention:^ 

• The Department of Health and Human Services’ HealthCare.gov 
website and its supporting systems, which were to facilitate the 
establishment of a health insurance marketplace by January 2014, 
encountered significant cost increases, schedule slips, and delayed 


®GAO. Information Technology: Additional Executive Review Sessions Needed to Address 
Troubled Projects, GAO-13-524 (Washington, D.C.; June 13, 2013). 

^GAO-15-290. 
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functionality. In a series of reports we identified numerous planning, 
oversight, security, and system development challenges faced by this 
program and made recommendations to address them,® 

• The Department of Agriculture's Farm Program Modernization, which 
is intended to modernize the IT systems supporting the Farm Service 
Agency’s 37 farm programs, had not implemented a number of key 
management and oversight practices to ensure its successful 
completion. In July 2011, we reported on Issues with the reliability of 
the program's cost estimate, weaknesses in its management 
approach, and a lack of clarity in its governance structure.® In our 
report, we recommended that the agency take action to address these 
issues. 

• The Department of Commerce’s Census Enterprise Data Collection 
and Processing investment was initiated in fiscal year 2015 and is 
expected to be the backbone of the Census Bureau’s target IT 
architecture. Particular attention to this area is warranted in order to 
avoid repeating the mistakes of the 2010 Decennial Census, in which 
the bureau had to abandon its plans for the use of handheld data 
collection devices, due in part to fundamental weaknesses in its 
Implementation of key IT management practices. 

• DOD’s Defense Enterprise Accounting and Management System 
(DEAMS), which is the agency's planned accounting system designed 
to provide accurate, reliable, and timely financial information, has 
experienced significant delays and cost increases. In March 2012, we 
reported that DEAMS faced a 2-year deployment delay and an 
estimated cost increase of about $500 million from its original life- 
cycle cost estimate of $1.1 billion, an increase of approximately 45 


®See GAO. Healthcare.gov: CMS Has Taker) Steps to Address Problems, but Needs to 
Further Implement Systems Development Best Practices. GAO'15-238 (Washington, 
D.C.: Mar. 4, 2015); Healthcare.gov: Actions Needed to Address Weaknesses in 
Information Security and Privacy Controls, GAO-14-730 (Washington. D.C.; Sept. 16, 
2014); and Healthcare.gov: Ineffective Planning and Oversight Pmctices Underscore the 
Need for Impnoved Contract Management, GAO-14-694 (Washington, D.C.; July 30 
2014). 

®GAO, USDA Systems Modernization: Management and Overnight Improvements Are 
Needed. GAO-11-586 (Washington, D.C.: July 20, 2011). 
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percent.^® Further, we reported that assessments by DOD users had 
identified operational problems with the system, such as data 
accuracy Issues, an inability to generate auditable financial reports, 
and the need for manual workarounds We recommended that DOD 
take actions to ensure the correction of system problems prior to 
further system deployment, including user training. DOD generally 
concurred with our recommendations and described its efforts to 
address them. 

• DOD's and VA’s initiatives to modernize their electronic health records 
systems are intended to address sharing data among the 
departments’ health information systems, but achieving this has been 
a challenge for these agencies over the last 15 years. In February 
2013, the two departments’ Secretaries announced that instead of 
developing a new common, integrated electronic health record 
system, the departments would focus on achieving interoperability 
between separate DOD and VA systems.’^ The departments' change 
and history of challenges in improving their health information 
systems heighten concern about whether they will be successful. 

• The Department of Homeland Security’s United States Citizenship 
and Immigration Services (USCIS) Transformation program is to 
transition USCIS from a fragmented, paper-based filing environment 
to a consolidated, paperless environment using electronic case 
management tools, but it is unclear whether the department Is 
positioned to successfully deliver these capabilities. For example, it 
has not yet demonstrated the extent to which It can meet six key 
capability requirements using its new system architecture. Further, 
between July 2011 and September 2014, the program’s life-cycle cost 
estimate increased from approximately $2,1 billion to approximately 


’®GAO. DOD Financial Management: Reported Status of Department of Defense's 
Enterprise Resource Planning Systems. GAO-12-565R (Washington, D.C,; Mar 30 
2012). 

”GAO, DOD Financial Management: Implementation Weaknesses in Army and Air Force 
Business Systems Could Jeopardize DOD's Auditability Goals. GAO-12-134 (Washinaton 
D C.: Feb. 28. 2012). ' 

’^GAO, Electronic Health Records: Long History of Management Challenges Raises 
Concerns about VA's and DOD's New Approach to Sharing Health Information 
GAO-13-413T (Washington. D.C.; Feb. 27. 2013). 
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$2.6 billion. 

• The Department of Homeland Security’s Human Resources IT 
investment is to consolidate, integrate, and modernize the 
department’s human resources IT infrastructure, but it has 
experienced a long history of issues. As of May 201 5. this investment 
was rated as “moderately high risk” by the department's CIO. 
According to the CIO, this investment has experienced significant 
challenges that have inhibited delivered capabilities from being 
accepted by users, but the department is working to address them. 

• The Department of Transportation's Next Generation Air 
Transportation System (NextGen) is an advanced technology air- 
traffic management system that the Federal Aviation Administration 
(FAA) anticipates will replace the current ground-radar-based system, 
at an expected cost of $15 billion to $22 billion through fiscal year 
2025. However. NextGen has significantly increased the number, 
cost, and complexity of FAA’s acquisition programs. The 
interdependencies among these programs heighten the importance of 
remaining on time and within budget. Accordingly, we recommended 
that FAA, among other things, require cost and schedule risk analysis, 
independent cost estimates, and integrated master schedules.''® 

• VA has invested significant resources into developing a system for 
outpatient appointment scheduling, but these efforts have faced major 
setbacks. After failing to implement a new solution, in October 2009, 
VA began a new initiative that it refers to as HeaitheVet Scheduling. In 
May 2010, we recommended that, as the department proceeded with 
future development, it take actions to improve key processes, 
including acquisition management, system testing, and progress 
reporting, which are essential to the department's second outpatient 
scheduling system effort. 


’^GAO. Air Traffic Control Modernization: Management Challenges Associated with 
Program Costs and Schedules Could Hinder NextGen Implementation, GAO-12-223 
(Washington. D.C.; Feb, 16, 2012). 

^''GAO, Infonnation Technology: Management Improvements Are Essential to VA's 
Second Effort to Replace Its Outpatient Scheduling System. GAO-10-579 (Washinaton 
D.C.: May 27, 2010). ’ 
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Incremental Development Beyond focusing attention on individual high-risk investments, an 
additional key reform initiated by 0MB emphasizes incremental 
development in order to reduce investment risk. In 2010, it called for 
agencies' major investments to deliver functionality every 12 months and, 
since 2012, every 6 months. 

However, we recently reported that less than half of selected Investments 
at five major agencies planned to deliver capabilities in 12-month 
cycles.^® Accordingly, we recommended that 0MB develop and issue 
clearer guidance on incremental development and that selected agencies 
update and implement their associated policies. Most agencies agreed 
with our recommendations or had no comment. Table 1 shows how many 
of the total selected investments at each agency planned to deliver 
functionality every 12 months during fiscal years 2013 and 2014. 


Table 1 : Number of Selected Investments Planning to Incrementally Deliver 
Functionality 

Agency 

Total number of Investments planning to 
selected deliver functionality 

investments every 12 months 

Department of Defense 


37 

11 

Department of Health and Human 
Services 


14 

11 

Department of Homeland Security 


12 

6 

Department of Transportation 


20 

7 

Department of Veterans Affairs 


6 

6 

Total 


89 

41 


SwtfM GAO analysis of agency data |GAQ-15475T 


Key Transparency Website Given these issues, it is important for the federal government to be 
transparent both when it is acquiring new investments and when It is 
managing legacy investments. To help the government achieve such 
transparency, in June 2009, 0MB established a public website (referred 
to as the IT Dashboard) that provides detailed information on major IT 
investments at 27 federal agencies, including ratings of their performance 


^ ^GAO, Information Technology: Agencies Need to Establish and Implement Incremental 
Development Policies, GAO-14-361 {Washington. D.C.; May 1, 2014). 
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against cost and schedule targets. The public dissemination of this 
information is Intended to allow OMB; other oversight bodies, including 
Congress; and the general public to hold agencies accountable for results 
and performance. Among other things, agencies are to submit ratings 
from their CIOs, which, according to OMB’s instructions, should reflect the 
level of risk feeing an investment relative to that investment's ability to 
accomplish its goals. 

As of May 2015, according to the IT Dashboard, 178 of the federal 
government’s 738 major IT investments — totaling $8.7 billion — were in 
need of management attention (rated “yellow” to indicate the need for 
attention or “red" to indicate significant concerns). (See fig. 1.) 



jUiyUH Normal 
CTffSSj Needs attention 

Significant attention 

Sowce; CMIice of Management and BwIgBt'* IT Oashboard. i OAO-IS-STST 


•®GAO. IT Dashboard: AgerKies Are Managing Investment Risk, but Related Ratings 
Need to Be More Accumte and Available. GAO-14-64 (Washington, D.C.: Dec. 12, 2013), 
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Although the accuracy of Dashboard cost and schedule data has 
improved over tlme,^^ in December 2013, we reported that agencies had 
removed major investments from the site, representing a troubling trend 
toward decreased transparency.’® For example, several of the 
Department of Energy’s supercomputer investments had been classified 
as facilities, rather than IT, thus removing those investments from the 
Dashboard, and 0MB staff stated that they had no control over such 
decisions. 

Further reducing transparency. 0MB does not update the public version 
of the Dashboard as it and the agencies work to assist in the formulation 
of the President’s annual budget request. According to an 0MB Office of 
E-Government and Information Technology staff member, 0MB considers 
information submitted during the budget process to be pre-decisional and 
will only release it to the public in tandem with the President’s budget. 
However, the information submitted as part of an investment’s CIO rating 
does not meet OMB’s own definition of “pre-decisional,"’® meaning that 
the CIO risk ratings could be updated independent of the budget process 
without disclosing information that might compromise that process. 
Moreover, as of December 201 3. the public version of the IT Dashboard 
had not been updated for 15 of the previous 24 months. More recently, 
0MB stopped updating the public version of the Dashboard on August 31 , 
2014, and did not update it until March 10, 2015, a span of more than 6 
months. Over the past several years, we have made over 20 
recommendations to help improve the accuracy and reliability of the 
information on the IT Dashboard and to increase its availability. 


Reviews of Operationel in addition to spending money on new IT development, agencies also 
Systems to spend a significant amount of their fiscal year 201 5 IT budgets on 

the operations and maintenance (O&M) of legacy (i.e., steady-state) 
systems. Over the past 6 fiscal years, this amount has increased, while 


’^GAO. IT Dashboard: Accuracy Has Improved, and Additional Efforts Are Under Way to 
Better Infonn Decision Making. GAO-12-210 (Washington, D.C,: Nov. 7. 2011). 

’®GAO-14-64. 

’®The Dashboard’s web page for frequently asked questions defines pre-decisionai 
information as "new" investments, planned IT spending levels in the budget year, costs of 
projects and activities that were completed during or after the budget year, and eliminated 
or downgraded investments. See http;/Avww.itdashboard.gov/faq, 
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the amount Invested in developing new systems has decreased by about 
$7.8 billion since fiscal year 2010. (See figure 2.) This raises concerns 
about agencies’ ability to replace systems that are no longer cost- 
effective or that fail to meet user needs. 


Figure 2: Summary of IT Spending by Fiscal Year from 2010 through 2015 (Dollars in Billions) 

Total intonnation technology spending (in billions) 
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decline since 
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Fiscal years 


Development, modernization, enhancement (OME) 
PPM| Operations and maintenance (O&M) 

Source: GAO analysis of agency date. | OAO-1S>e75T 


Of the more than $78 billion budgeted for federal IT in fiscal year 2015,^° 


^h»s $78 billion represents what agencies reported to 0MB on how much they plan to 
spend on IT and how these funds are to be allocated. This figure does not include 
spending for DOD classified IT systems, details of which are not included on the IT 
Dashboard, Moreover, this $78 billion figure is understated. Spedficalty, it does not 
include IT investments by 58 independent executive branch agencies, including the 
Central Intelligence Agency, or by the legislative or judicial branches. Additionally, not all 
executive brancrfi IT investments are included in this estimate because agencies have 
differed on what they considered an IT investment. For example, some have considered 
research and development systems as IT investments, while others have not. 
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26 federal agencies^^ plan to spend about $60 billion, more than three- 
quarters of the total budgeted, on the O&M of legacy investments. Figure 
3 provides a visual summary of the relative cost of major and nonmajor 
investments, both in development and O&M. 


Figure 3: Summary of Planned Fiscal Year 2015 Major and Nonmajor Investments in Development and Operations and 
Maintenance (Dollars In Billions) 



Major 

Investments 


$29.5 billion 

Operations and maintenance 


Nonmajor 

Investments 



$10.7 billion 

Development 


$7.2 billion 

Development 


$30.3 billion 

Operations and maintenance 


Source: GAO anaiys's o' agene/ data | GAO-15-675T 


Given the size and magnitude of these investments, it is important that 
agencies effectively manage the O&M of existing investments to ensure 
that they (1) continue to meet agency needs, (2) deliver value, and (3) do 


The 26 agencies are the Departments of Agriculture. Commerce. Defense. Education 
Energy, Health and Human Services. Homeland Security. Housing and Urban 
Development, the interior. Justice, Labor, State, Transportation, the Treasury, and 
Veterans Affairs; U S. /Kmy Ccwps of Engineers: Environmental Protection Agency; 
General Services Administration; National Aeronautics and Space Administration' National 
Archives and Records Administration; National Science Foundation; Nuclear Regulatory 
Commission; Office of Personnel Management: Small Business Administration Social 
Security Administration; and U.S. Agency for international Development. 
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not unnecessarily duplicate or overlap with other investments. To 
accomplish this, agencies are required by 0MB to perform annual 
operational analyses of these investments, which are intended to serve 
as periodic examination of an investment’s performance against, among 
other things, established cost, schedule, and performance goals. 

However, we have reported that agencies were not consistently 
performing such analyses and that billions of dollars in O&M investments 
had not undergone needed analyses.^^ Specifically, as detailed in our 
November 2013 report, only 1 of the government's 10 largest O&M 
investments underwent an OMB-required operational analysis. We 
recommended that operational analyses be completed on the remaining 9 
investments. Most agencies generally agreed with our recommendations. 


Portfolio Management To better manage existing IT systems, 0MB launched the PortfolioStat 

initiative, which requires agencies to conduct an annual, agency-wide IT 
portfolio review to, among other things, reduce commodity IT^^ spending 
and demonstrate how their IT investments align with the agency’s mission 
and business functions. In November 2013, we reported that agencies 
continued to identify duplicative spending as part of PortfolioStat and that 
this initiative had the potential to save at least $5.8 billion through fiscal 
year 2015; however, weaknesses existed in agencies’ implementation of 
the initiative, such as limitations in the CIOs’ authority. We made more 
than 60 recommendations to improve OMB’s and agencies' 
implementation of PortfolioStat. 0MB partially agreed with our 
recommendations, and responses from 21 of the agencies varied. 


^^GAO. Information Technology: Agencies Need to Strengthen Oversight of Multibillion 
Dollar Investments in Operations and Maintenance. GAO-14-66 (Washington, D.C.; Nov. 
6. 2013), and Inhrmation Technology: Agencies Need to Strengthen Oversight of Billions 
of Dollars in Operations and Maintenance Investments. GAO-13-87 (Washington D C ' 
OcM6, 2012). 

^^According to 0MB. commodity IT Includes services such as IT infrastructure (data 
centers, networks, desktop computers and mobile devices); enterprise IT systems (e-maii, 
collaboration toots, identity and access management, security, and web infrastructure); 
and business systems (finance, human resources, and other administrative functions). 

^‘‘GAO. Information Technology: Additional OMB and Agency Actions Are Needed to 
Achieve Poiifolio Savings, GAO-14-65 (Washington, D.C.: Nov, 6, 2013). 
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More recently, in April 2015, we reported that agencies decreased their 
planned PortfolioStat savings to approximately $2 billion — a 68 percent 
reduction from the amount they reported to us in 2013.^^ Additionally, 
although agencies also reported having achieved approximately $1.1 
billion In PortfoiioStat-related savings, Inconsistencies in OMB's and 
agencies’ reporting make it difficult to reliably measure progress in 
achieving savings. Among other things, we made recommendations to 
0MB aimed at Improving the reporting of achieved savings. 0MB agreed 
with the recommendations. 

We have also recently reported on three key areas of agency’s IT 
spending portfolio; data center consolidation, software licensing, and 
mobile devices. 

Data Center Consolidation: Concerned about the size of the federal 
data center inventory and recognizing the potential to improve the 
efficiency, performance, and environmental footprint of federal data 
center activities, 0MB, under the leadership of the Federal CIO, 
established the federal data center consolidation initiative in February 
2010. In a series of reports, we found that, while data center consolidation 
could potentially save the federal government billions of dollars, 
weaknesses existed in the execution and oversight of the Initiative. 

Most recently, we reported that, as of May 2014, agencies collectively 
reported that they had a total of 9,658 data centers;^® as of February 
2015, they had closed 1,236 data centers and were planning to close an 
additional 2,607 — for a total of 3,843 — by the end of September 2015. We 
also noted that between fiscal years 201 1 and 2017, agencies reported 
planning a total of about $5.3 billion in cost savings and avoidances due 
to the consolidation of federal data centers. In correspondence 
subsequent to the publication of our report, DOD's Office of the CIO 
identified an additional $2.1 billion in savings to be realized beyond fiscal 
year 2017, which increased the total savings across the federal 
government to about $7.4 billion. 


GAO, Information Technology: Additional 0MB and Agency Actions Needed to Ensure 
Portfolio Savings Are Realized and Effectively Tracked, GAO-1 5-296 (Washington D C 
Apr, 16, 2015). 

^®GAO. Data Center Consc^idation: Reporting Can Be Improved to Reflect Substantial 
Planned Savings, GAO-14-713 (Washington, D.C.; Sept. 25, 2014) 
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Table 2 below provides a summary of agencies’ total data center cost 
savings and cost avoidances between fiscal years 201 1 and 2017, as well 
as DOD cost savings and cost avoidances to be realized beyond 2017. 

Table 2: Agencies’ Data Center Consolidation Cost Savings and Avoidances (Dollars in Millions) 


Estimated and actual 

Planned 

Fiscal year 

2011 2012 2013 

2014 2015 2016 2017 Beyond 2017 Total 

Total savings and 
avoidances 

$192 $268 $683 

$895 $1,250 $917 $1,144 $2,100 $7,449 


$1,143 total 

$6,306 total 


Source: GAO analysis o« agency daa j GAO-1 5-675T 

Note: Totais may not add due to rounding. 


However, we noted that planned savings may be understated because of 
difficulties agencies encountered when calculating savings and 
communicating their estimates to 0MB. We concluded that it was 
important for 0MB to continue to provide leadership and guidance on this 
initiative, and we made recommendations to ensure the initiative 
improves governmental efficiency and achieves cost savings. Most 
agencies agreed with our recommendations or had no comment. 

Software Licensing: An additional area of concern is agencies’ 
management of their software licenses. We recently reported on federal 
agencies’ management of software licenses and determined that better 
management was needed to achieve significant savings government- 
wide.^^ In particular, 22 of the 24 major agencies identified in the Chief 
Financial Officers Act of 1990 did not have comprehensive license 
policies, and only 2 had comprehensive license inventories. As a result, 
agencies’ oversight of software license spending was limited or lacking, 
and thus they may miss out on savings. The potential savings could be 
significant considering that, in fiscal year 2012, one major federal agency 
reported saving approximately $181 million by consolidating its enterprise 
license agreements, even though its oversight process was ad hoc. 

We recommended that 0MB issue needed guidance to agencies and 
made more than 130 recommendations to the agencies to improve their 
policies and practices for managing software licenses. 0MB disagreed 


^'GAO. Federal Software Licenses: Better Management Needed to Achieve Significant 
Savings Govemment-]Mde. GAO-14-413 (Washington, D.C.: May 22. 2014). 
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with the need for guidance. However, without such guidance, agencies 
will likely continue to lack the visibility into what needs to be managed. 
Most agencies generally agreed with the recommendations or had no 
comments. 

Mobile Devices: We have also identified weaknesses in agencies’ 
management of their mobile devices. Both a 201 1 executive order and 
OMB’s 2012 Digital Government Strategy call for agencies to, among 
other things, take steps to ensure they are not paying for unused or 
underused mobile devices and services and to move toward an 
enterprise-wide model for purchasing these devices and services in order 
to reduce costs. However, in May of this year we reported that agencies 
need to implement more effective controls on their mobile devices and 
services in order to realize potential cost savings.^® Specifically, most of 
the 15 agencies we reviewed did not have an inventory of mobile devices 
and associated services that can be used to assess device usage, and 
only 1 of the 15 agencies had documented procedures for monitoring 
spending by reviewing devices and associated service plans for overuse, 
underuse, or zero use. A key reason for these weaknesses was that 
agencies took a decentralized approach to managing mobile device 
spending. We also noted that 0MB had not measured progress toward its 
stated goal of achieving financial savings related to mobile devices and 
services. 

Highlighting the potential for savings in this area, agencies reported 
paying a range of rates per line for various service combinations, from 
$21 for 200 voice minutes, unlimited data, and 200 text messages, to 
$122 for unlimited voice, data, and text messages. Agencies also paid 
different rates for the same bundle of services. For example, for the 
unlimited voice, text, and data bundles, agencies paid between $69 and 
$122 per month. 

Accordingly, we recommended that the agencies in our review take 
actions to improve their inventories and control processes and that 0MB 
measure and report progress in achieving mobile cost savings. 0MB and 
14 of the agencies generally agreed with the recommendations or had no 


^®GAO. Telecommunications: Agencies Need Better Controls to Achieve Significant 
Savings on Mobile Devices and Services, GAO-15-431 (Washington, D.C.: May 21, 2015). 
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comment. One agency, the Department of Defense, partialiy agreed, but 
we maintained that actions are still needed. 


Recent Legislation Can Recognizing the severity of issues related to government-wide 
Help Improve Agencies' management of it, in December 2014, Congress led the enactment of 
Management of IT FITARA. Among other things, the law includes the following 

° requirements:^ 

• Agencies, except for DOD, shall ensure that CIOs have a significant 
role in, among other things, programming and budgeting decisions, as 
well as management, governance, and oversight processes related to 
!T.^° For example, agencies {other than DOD) may only enter into 
contracts for IT and IT services that are reviewed and approved by the 
agency CIO. 

• OMB shall provide guidance that requires CIOs to certify that IT 
acquisitions are adequately implementing incremental development. 

• OMB shall issue guidance that requires the CIO to adequately reflect 
each major IT investment’s cost, schedule, and performance in the 
investment evaluation. 

• OMB shall make available to the public a list of all major IT 
investments, including data on cost, schedule, and performance, and 
report to Congress on any investment that is evaluated as high risk for 
4 consecutive quarters. 

• The General Services Administration shall identify and develop a 
government-wide program for the acquisition, dissemination, and 
shared use of software licenses. 

• OMB, in consultation with agency CIOs, shall implement a process to 
assist agencies in managing their IT portfolios. 


Pub. L No. 113-291. div. A, tiHe VIII, subtitle D (Dec. 19, 2014). Unless otherwise noted 
the provisions apply to the agencies covered by the Chief Financial Officers Act of 1990 
31 U-S.C.§ 901(b). 

^°For DOD. the law requires that the DOD CIO review and provide recommendations to 
the Secretary of Defense on the department's IT budget request. 
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• Agencies shall annually report to OMB’s Administrator of the Office of 
Electronic Government specific information, to include progress in 
consolidating federal data centers and the associated savings. 

The new IT acquisition reform requirements codified in the taw. when fully 
implemented, should help address key issue areas identified in our high- 
risk report related to the management of IT investments. 

In April 2015, 0MB released proposed guidance for public comment on 
how agencies are to implement the law.^^ OMB's proposed guidance 
states that it is intended to. among other things, assist agencies in 
aligning their IT resources to statutory requirements; establish 
government-wide IT management controls that will meet the taw’s 
requirements, while providing agencies with flexibility to adapt to unique 
agency processes and requirements; clarify the CIO’s role and strengthen 
the relationship with agency CIOs and bureau CIOs; and strengthen CIO 
accountability for IT cost, schedule, and performance. 

The proposed guidance includes several actions agencies are to take 
within specified time frames to implement a basic set of roles and 
responsibilities for CIOs and other senior agency officials (referred to as 
the “common baseline”) needed for the management of IT and to 
implement the specific authorities described in the law. Such roles and 
responsibilities described Include those related to budget formulation and 
planning, acquisition and execution, and organization and workforce. To 
implement the common baseline, the proposed guidance includes the 
following more specific requirements: 

• By August 15, 2015, each agency is to conduct a self-assessment 
and articulate a plan describing the changes it will make to ensure 
that all common baseline responsibilities are implemented by 
December 31, 2015. Agencies are to submit their plans to OMB's 
Office of E-Government for review and acceptance and make the 
plans publicly available on agency websites no later than 30 days 
after 0MB acceptance. 


Management and Oversight of Information Technology Resources. Proposed 
Guidance from OMB, accessed June 3. 2015, hUps://management.cio.gov. 0MB sought 
feedback and suggestions on the proposed guidance through May 30, 2015. 
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* By December 31, 2015, agencies are to implement specific 
responsibilities and processes for the management of IT from the 
common baseline. 

• By April 30, 2016, agencies are to update their self-assessment to 
identify any obstacles or incomplete implementation of common 
baseline responsibilities over the preceding 12 months. The seif- 
assessment Is to be updated on an annual basis thereafter. 

Additionally, the proposed guidance reiterates OMB’s existing guidance 
on PortfolioStat, the IT Dashboard, and the federal data center 
consolidation initiative, and expands its existing guidance on TechStat 
sessions. In particular, with respect to TechStat sessions, the proposed 
guidance calls for agencies to hold these sessions for investments that for 
3 consecutive months have a “red” risk rating, which indicates that the 
CIO has significant concerns with the investment. If the CIO continues to 
give a “red” rating for 1 year following the TechStat session, the guidance 
states that 0MB may Intervene with appropriate performance and 
budgetary actions until the agency has addressed the root cause of the 
problems and ensured that the investment will complete remaining 
activities within its planned cost and schedule. 

Finally, OMB’s proposed guidance also includes requirements to help 
support agency implementation of the roles and responsibilities for CIOs 
and other senior agency officials (i.e., the common baseline). For 
example, through the end of fiscal year 2016. the Federal CIO CounciP^ 
is to meet quarterly to discuss topics related to the implementation of the 
common baseline and to assist agencies by, for example, sharing 
examples of agency governance processes and IT policies. Additionally, 
by June 30, 2015, the President’s Management Council®^ is to select 
three members from the council to provide an update on government- 
wide implementation of FITARA on a quarterly basis through September 
2016. The updates are to improve the agencies’ awareness of policies 
and procedures that have worked well in other agencies. 


^^The Federal CIO Council is the principal interagency forum to improve agency practices 
on such matters as the design, modernization, use, sharing, and performance of agency 
information resources. 

^^The President’s Management Council is chartered to ensure that management reforms 
are implemented across the executive branch. It is composed of a senior official 
responsible for organizational management from each cabinet-level department and 
selected agencies. 
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Key to effectively implementing CIOs’ and other officials’ responsibilities 
in this area is ensuring consistent reporting on their IT reform efforts. In 
April 2015 we reported that, although 0MB uses the information reported 
by CIOs to help it oversee the federal government’s use of IT. the majority 
of CIOs at the 24 agencies covered by the Chief Financial Officers Act do 
not, for the most part, use this information for their own IT management 
efforts.^ We recommended, among other things, that 0MB, in 
collaboration with CIOs, ensure a common understanding of priority IT 
reform initiatives and their reporting requirements. 0MB neither agreed 
nor disagreed with our recommendations. 


Actions Needed to in our February 2015 high-risk report, we identified actions that 0MB and 

Address This High-Risk agencies need to take to make progress in this area.^® These include 

implementing the recently enacted statutory requirements promoting IT 
acquisition reform, as well as implementing GAO's previous 
recommendations, such as updating the public version of the IT 
Dashboard throughout the year. As noted in that report, from October 
2009 through December 2014, we made 737 recommendations to 
improve agencies’ management of their IT acquisitions; however, as of 
January 201 5, only about 23 percent of these had been fully 
implemented. 

Also in our high-risk report, we stated that 0MB and agencies should 
demonstrate measurable government-wide progress in the following key 
areas; 

• 0MB and agencies should, within 4 years, implement at least 80 
percent of GAO’s recommendations related to the management of IT 
acquisitions and operations. 

• Agencies should ensure that a minimum of 80 percent of the 
government’s major acquisitions deliver functionality every 12 months. 


^'’GAO. Federal Chief Information Officers: Reporting to 0MB Can Be Improved by 
Further Sireamlining and Better Focusing on Priorities. GAO-15-106 {Washinqlon 0 C ' 
Apr, 2.2015). 

^^GAO-15-290. 
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• Agencies should achieve no less than 80 percent of the planned 
PortfolioStat savings and 80 percent of the savings planned for data 
center consolidation. 

In summary, with the recent passage of IT reform legislation, the federal 
government has an opportunity to improve the transparency and 
management of IT acquisition and operations, and strengthen the 
authority of CIOs to provide needed direction and oversight. 0MB and 
federal agencies should expeditiously implement the requirements of the 
legislation and continue to implement our previous recommendations. To 
help ensure that these improvements are achieved, continued 
congressional oversight of OMB's and agencies' implementation efforts is 
essential. 


Chairmen Hurd and Meadows, Ranking Members Kelly and Connolly, 
and Members of the Subcommittees, this completes my prepared 
statement. I would be pleased to respond to any questions that you may 
have at this time. 
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Mr. Hurd. Mr. Spires, the floor is yours for 5 minutes. 

STATEMENT OF RICHARD SPIRES 

Mr. Spires. Good afternoon, Chairmen Hurd and Meadows, 
Ranking Members Kelly and Connolly, and members of the sub- 
committees. I’m honored to testify today, and I wish to acknowl- 
edge Representative Connolly’s leadership in sponsoring FITARA. 
Since I served as a CIO of the IRS and later DHS, I hope my in- 
the-trenches experience is of value to help guide FITARA imple- 
mentation. 

Earlier this year GAO placed improving the management of IT 
acquisitions and operations on its High Risk List. For decades, the 
government has been underperforming in its delivery of major IT 
programs. Deeply embedded cultural and skills issues must be ad- 
dressed if we are to improve the government’s delivery of IT. This 
is where FITARA can make a significant positive difference if im- 
plemented effectively. 

GAO has identified nine critical factors underlying successful 
major IT acquisitions. Yet how does an agency ensure these factors 
are top of mind and implemented for all IT acquisitions? My expe- 
rience from participating in and reviewing hundreds of programs 
leads to two foundational areas of focus critical to success. 

The first area of focus is the program governance model, which 
should ensure a collaborative partnership between various stake- 
holder organizations that have key roles in the IT acquisition. Even 
the best program manager fails if the program governance model 
does not work. 

The second area of focus involves the Program Management Or- 
ganization, PMO, having the requisite skills and proper representa- 
tion of various stakeholders to operate effectively. All members of 
the PMO must be aligned and incentivized to work toward a com- 
mon set of outcome-based success measures. 

FITARA must enable agency CIOs to ensure proper program gov- 
ernance and PMO models are in place for all significant IT acquisi- 
tions. I note that it is not the agency CIO that has the last say re- 
garding major program decisions, but rather that the governance 
process is worMng effectively to ensure major decisions are made 
with all appropriate stakeholder input. For FITARA to be success- 
ful, it is critical that an initial rollout within agencies be effective. 
I’m very pleased to see the approach 0MB and the new Federal 
CIO Tony Scott are taking to support this rollout. 

0MB recently issued draft FITARA implementation guidance 
based on seeking significant outside input. This will improve con- 
tent, understanding, and buy-in over the longer term. Yet there’s 
a wide disparity in the maturity level of IT organizations across the 
agencies. A number of agencies will struggle with both the what 
and how to implement FITARA. To support this implementation ef- 
fort, the American Council for Technology and Industry Advisory 
Council, ACT-IAC, a nonprofit organization, is forming a working 
group to support the development of tools that can provide agencies 
help to implement FITARA. 

The workings group intent, is to draw from the best of both the 
public and private sectors’ models for managing IT. The group will 
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focus on providing a range of proven implementation models for 
budget formulation and oversight, program governance, and delega- 
tion of authorities that should cover the array of different agency 
models from centralized to highly federated management of IT. 

Mr. Darren Ash, CIO of the U.S. Nuclear Regulatory Commis- 
sion, will serve as the government lead, and I will serve as the in- 
dustry lead for this effort. 

Even with a solid FITARA implementation plan, success will be 
dependent on two additional factors. First, the agency CIO needs 
to have the leadership, management, and political experience to 
drive this change, as well as a deep understanding of IT manage- 
ment. And, second, the agency leadership must be supportive of the 
agency CIO, particularly in agencies that are operating in a fed- 
erated environment. Congress, through these subcommittees, can 
support these efforts by demanding aggressive implementation of 
FITARA by agencies, development of measures for assessing 
FITARA’s impact, and transparency in reporting of ongoing 
progress. 

The benefits of FITARA implementation will take years to realize 
so we will need to have persistence and patience. Implementation 
of this level of change takes 2 to 3 years, and benefits of that 
change being felt in year 3 and beyond. Regarding how to measure 
FITARA’s success, I would start with the metrics GAO has spelled 
out regarding what is required to remove IT acquisition from their 
High Risk List. To these metrics I would add agency-specific meas- 
ures of how IT can more effectively support the mission and busi- 
ness outcomes of the agencies. This current administration has a 
golden opportunity to set the correct foundation for implementing 
FITARA so that when the next administration arrives, the critical 
elements of FITARA are already taking root. 

And while I’m pleased with the work to date, it is critical to 
make enough progress during the next 18 months to ensure that 
leadership commitment to FITARA is sustained into the next Con- 
gress and administration. Thank you. 

Mr. Hurd. Thank you, Mr. Spires. 

[Prepared statement of Mr. Spires follows:] 
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Good afternoon Chairmen Hurd and Meadows, Ranking Members Kelly and Connolly, 
and members of the Subcommittees. 1 am honored to testify in regards to “The Federal 
Information Technology Acquisition Reform Act’s Role in Reducing IT Acquisition 
Risk”. I was pleased to see Congress pass FITARA, and I wish to acknowledge 
Representative Connolly’s leadership in helping craft and sponsor this legislation. 

Serving as the CIO of a major department (DHS) as well as the CIO for a large bureau 
(IRS) in the Department of Treasury, I had ample opportunity to understand the dynamics 
inherent in federal government IT acquisition, and the areas in which high risk factors 
can lead to outright program failure. Based on that experience, I worked at both the IRS 
and DHS to implement approaches to address these risk factors, and based on those 
experiences, worked to influence IT acquisition across the federal government during my 
tenure as the Vice Chair of the Federal CIO Council. Given the importance of this topic 
to the effective and efficient business of government, I hope my testimony is of value to 
Congress and the Administration as a means to help guide FITARA implementation with 
resulting improved IT acquisition and operations outcomes. 

Earlier this year, the Government Accountability Office (GAO) placed “Improving the 
Management of IT Acquisitions and Operations” on its High Risk List, and GAO's latest 
report states that “federal IT investments too frequently fail to be completed or incur cost 
oven-uns and schedule slippages while contributing little to mission-related outcomes.”' 
During my government career, I dealt extensively with two items on the list: 1) IRS 
Modernization (now off the list); and 2) The Need to Strengthen the Department of 
Homeland Security's Management Functions. In both cases, there was intense 
congressional scrutiny, and sipificant attention shown by the Office of Management and 
Budget (0MB) and the agencies that found their programs on the High Risk List. 

Although agencies grouse about it, I have found that having a program on the High Risk 
List focuses valuable attention and resources on systemic issues in government. The IRS 
spent more than a decade maturing its IT acquisition and program management, and 
along the way demonstrated improved capabilities to deliver successful programs, before 
finally coming off the list in 2014. IT acquisition across government deserves this level 


^ GAO, High-Risk Series: An Update, G.'VO-l.S-iW: PublLshcd: t'cb H. 20U. Piihlids RcIcascd^ I eb 1 1 
2015. 
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of sustained attention and I believe GAO was correct to add it to the High Risk list. For 
decades, the government has been underperforming in its delivery of major IT programs. 
Deeply embedded cultural and skills issues must be addressed if we are to improve the 
government’s score card in delivering IT programs. Those changes, while certainly 
doable, take sustained leadership over time to have a major positive impact. This is 
where FITARA can make a significant positive difference, if implemented effectively. 

As requested, my testimony will focus on three critical areas for improving IT acquisition 
and so that IT can more effectively and efficiently enable US federal government 
agencies to provide mission and business services to citizens. First, I will comment on 
the factors identified by the General Accountability Office (GAO) that lead to acquisition 
success and how FITARA implementation can help ensure these factors are appropriately 
addressed. Second, I will provide my views on how to properly implement FITARA in 
order to have the most positive impact on IT acquisition and operations. Lastly, I will 
provide views on how agencies should be measured and held accountable for IT 
acquisition and operations outcomes. 


Critical Success Factors for IT Acquisition 

GAO has identified nine critical factors underlying successful major acquisitions that 
support the objective of improving the management of large-scale IT acquisitions across 
the federal govemment: (1) program officials actively engaging with stakeholders; (2) 
program staff having the necessary knowledge and skills; (3) senior department and 
agency executives supporting the programs; (4) end users and stakeholders involved in 
the development of requirements; (5) end users participating in testing of system 
functionality prior to end user acceptance testing; (6) govemment and contractor staff 
being stable and consistent; (7) program staff prioritizing requirements; (8) program 
officials maintaining regular communication with the prime contractor; and (9) programs 
receiving sufficient funding.^ 

I certainly agree with these success factors, and when I look at the large-scale IT 
acquisitions that have been successful, they map well to these nine factors. Yet how does 
an agency ensure these factors are top-of-mind and implemented for all IT acquisitions? 
There are clearly many areas that must be right for IT acquisitions to succeed, from using 
best practices and incremental development techniques, to proper requirements 
management and testing. But overall, there are two foundational areas of focus that are 
critical to ensure these success factors are addressed. The first area of focus is the 
Program Governance model, which should ensure a collaborative partnership between 
various stakeholder organizations that have key roles in the IT acquisition. Too often I 
have reviewed programs in which the program manager is attempting to address 
executives' differing - and in some cases, opposite - views of what constitute the 
program priorities. In such cases, even the best program manager fails if the program 
governance model does not work. The second area of focus involves the Program 


^ GAO, Information Technology: Critical Factors Underlying Successful Major Acquisitions, GAO-12-7 
(Washington, D.C.: Oct. 21, 201 1). 
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Management Organization (PMO) having the requisite skills and proper representation 
from various stakeholders to operate effectively. All members of the PMO must be 
aligned and incentivized to work toward a common set of outcome-based success 
measures. If both of these areas of focus are properly addressed, then I have confidence a 
program can appropriately address the first eight of GAO’s critical success factors. The 
ninth success factor, receiving sufficient funding, is typically outside the control of the 
program and in many instances influenced by forces outside the agency. 

The subsections below outline why the program governance and the PMO are so critical 
to the overall success of any IT acquisition. 

Program Governance 

The right partnership via proper governance drives alignment among key decision makers 
in an organization. We have heard for decades that IT programs fail because of ill- 
defined requirements or poorly managed requirements scope throughout the life cycle of 
a program. While true, this is a symptom of a more fundamental underlying cause: The 
inability for all key stakeholders in a program to be on the same page in defining both 
desired outcomes and the approaches to meet those outcomes. 

Change is inevitable in all programs, so achieving such alignment is not a one-time 
exercise at the start of a program. Alignment is an on-going process that is critical 
throughout an investment’s strategic planning, design and development, as well as its 
implementation - hence, governance must be viewed as a full life-cycle process. As an 
example, for complex IT systems, there are at least a half-dozen stakeholder 
organizations that must be aligned, to include the strategy organization, business or 
mission owner of the system, IT, finance, procurement, legal, security, and privacy. 
Having all key stakeholders involved in key decisions is an essential element to ensuring 
genuine alignment. 

Program governance works best when there is a single, transparent reporting relationship 
for a program manager to an oversight (program-level) governance board. The board of 
executives from key stakeholder organizations must be empowered to make decisions, 
binding their organizations, and creating a partnership between the business, IT, 
procurement, finance, etc. The function of the program governance board is not to usurp 
the authorities of the program manager. It is to provide a forum by which the program 
manager can bring key issues and trade-off decisions to an informed, empowered body 
that has a vested interest in that program’s success and views the program manager as a 
trusted advisor and subject-matter specialist. 

Creating this culture of partnership and trust is vital to the true alignment needed to 
support complex programs. Hence, the governance framework must foster that trusting 
and collaborative decision-making environment. I recommend that program governance 
boards be co-chaired by the business owner and IT executive for an IT program, to both 
promote a partnership model and to ensure no one organization dominates. Collaboration 
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in program governance brings forth the best ideas, melding varied interests and unifying 
efforts. 

Further, decisions in a governance board should be consensus driven, not reduced to a 
vote-counting exercise. If a program governance board cannot reach a key decision 
through consensus, the decision should be escalated to the next-higher level board 
(typically an investment review board) or, if need be, to the head of the agency. By doing 
this, however, the board is abdicating its own decision-making authority. In an 
organization with mature governance, boards will force themselves to make the tough 
decisions — which is just what an agency’s leadership should expect. 

Program Management Organization 

The single most important element to program success are the leaders running the 
program as part of what is typically called the PMO or the integrated program team. 
There is usually significant focus on the program manager position, and having a skilled 
and experienced person in that role is vital for large, complex programs. What I find 
surprising, however, is how many programs set up shop without all the key management 
disciplines in place. 

For instance, a key to success is ensuring the involvement of the right mission or business 
organization. Having full-time mission representatives who can successfully work within 
the PMO to define the system’s requirements is crucial. In assessing a program, I look 
for individuals on the PMO team who are steeped in the current process end-to-end, who 
have true credibility with senior management, and who demonstrate flexibility to deal 
with unending change as a program unfolds and matures. Unfortunately, those crucial 
individuals are all too often absent in government programs. The business does not give 
up the star players to fill those roles. That impinges on a program’s change management 
process and ultimately affects its schedule and cost. 

All members of the PMO should report to the program manager and should be measured 
and assessed on a shared set of objectives - outcomes that support meeting the mission or 
business objectives that spawned the need for the program. Too often members of the 
PMO are measured on process results rather than on beneficial outcomes. For instance, 
the federal government would improve its ability to buy IT substantially if the contracting 
officers reported to the program managers and were measured not just on following the 
procurement regulations but on deliverables provided by the contractor and the success of 
the program. Program managers are often stuck with contract vehicles that are ill suited 
to the work that needs to be done, and they have no recourse. 

Importance of FITARA to IT Acquisition 

FITARA, if implemented effectively within an agency, can have the anticipated positive 
impact on IT acquisition outcomes. The key is having the CIO of an agency have both 
the authority to ensure the critical success factors for IT acquisitions are properly 
addressed, and the accountability in regards to IT acquisition outcomes. An agency CIO 
must demand that the proper program governance and PMO models are in place for all 
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significant IT acquisitions. As described above, getting these focus areas working 
correctly in an agency will have manifold benefits in driving correct behavior in regards 
to the critical success factors. Yet, there is a critical distinction in regards to the CIO 
establishing the framework for success for IT acquisitions, and the actual governance and 
day-to-day management of an IT program. The program governance and PMO functions 
are meant to represent all stakeholders critical to program success, and IT is just one of 
those stakeholders. Large IT programs are successful when the stakeholders are engaged 
and aligned, and the model for program governance must ensure that happens. As such, 
it is not that the CIO has the last say regarding a major program decision, but rather that 
that governance process is working effectively to ensure major decisions are made with 
all appropriate stakeholder input. 


FITARA Implementation 

Now that the FITARA legislation has become law, how does the government ensure 
effective implementation so that the law does have its intended impact? For those of us 
that have been involved with federal IT, we can cite the authorities that were granted 
CIOs via the Clinger-Cohen Act. Yet very few (if any) agency CIOs can claim they 
have the authorities outlined in Clinger-Cohen, and it is has been viewed as failed 
legislation across the federal IT community. 

To ensure that FITARA does not suffer the same fate as Clinger-Cohen, it is critical that 
the initial roll out within agencies is effective. I am very pleased to see the approach 
0MB and the new Federal CIO, Tony Scott, are taking to support this roll out. 0MB 
recently issued draft guidance to agencies for implementation of FITARA. In developing 
this draft guidance, 0MB sought significant outside input, including guidance from 
former government CIOs, CFO, CAOs, CHCOs, and COOs. Importantly, 0MB has also 
asked for public comment on this draft guidance, which will improve content, 
understanding, and buy-in over the longer term. 

The draft guidance sets forth a “Common Baseline” to establish a framework of roles and 
responsibilities that agencies are expected to implement. Recognizing that one size does 
not fit all, the Common Baseline sets a minimum level of standards that provide 
flexibility for agencies to implement the law in a manner consistent with agencies’ 
unique requirements. The guidance requires agencies to conduct a self-assessment to 
determine areas in which their current operating model is not in accordance with the 
Common Baseline and agencies then must submit a plan (subject to 0MB approval) for 
how an agency will meet the FITARA requirements. 0MB will monitor compliance and 
implementation progress through PortfolioStat and other oversight activities. Agencies 
will provide annual updates to the self-assessment and implementation plans. 

While this is an excellent process, past history leads me to still have concerns regarding 
the approach agencies will take in developing their implementation plans for meeting the 
requirements of FITARA. There is a wide disparity in the maturity level of IT 
organizations across the agencies that must implement FITARA. There are a number of 
agencies that will struggle with both the “what” to implement (e.g., a governance process 
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that leads to improved IT acquisition outcomes) and to “how” to effectively implement 
changes demanded by FITARA. 

As I noted earlier, achievement of FITARA’s objectives will require a “culture of 
partnership and trust.” This is not something that can be built into agency governance 
systems at some future point in time - it has to be nurtured from the outset of the 
implementation process. Moreover, industry has great interest in the successful 
implementation of FITARA to support government agencies. There is great value in 
engaging industry in the implementation process. And fortunately, there is a way to do 
so. 


The American Council for Technology (ACT) and Industry Advisory Council (lAC) is a 
non-profit educational organization established to improve government through the 
innovative and efficient application of technology. For more than 30 years ACT-IAC has 
provided an objective, trusted and vendor-neutral forum where government and industry 
executives are working together to create a more effective government.^ ACT-IAC can 
bring together the key government constituencies that are interested in making FITARA 
successful - program managers, technology executives, acquisition professionals, 
financial management executives, and others. It also provides a way to engage industry 
in this conversation. 

ACT-IAC is forming a working group to support the development of tools that can 
provide agencies help as they move forward to implement FITARA. The working group 
participants will consist of current and former government CIO or other CXO executives 
along with private sector executives. The intent is to draw from the best of public and 
private sector models that effectively leverage and manage IT to best support an 
organization. Mr. Darren Ash, Deputy Executive Director for Corporate Management 
and CIO of the U.S. Nuclear Regulatory Commission, will serve as the government lead 
for this effort and I will serve as the industry lead. 

We plan to share the results of this effort with 0MB, and have briefed them on how we 
can help support the implementation of FITARA in several ways; 

1) Develop draft templates for agencies to use in conducting their self-assessments. 

2) Provide a number of proven implementation models for budget formulation and 
oversight, program governance, and delegation of authorities that should cover the 
array of different agency models, from centralized to highly-federated 
management of IT. These models are intended to help agencies draw on best 
practices to address the Common Baseline requirements of FITARA. Agencies 


3 ACT-IAC has completed studies related to IT acquisition and last year testified before the Senate 
Homeland Security and Government Affairs Committee on program management issues similar to those 1 
described above, alongside GAO, OMB, and GSA. That testimony can be found at 
https://a ctiac.ore/sites/ def ault/files/ACT-lAC testimony on major IT acauisitions.pdf . 
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can adapt the model that best fits their organization and further tailor the model to 
address cultural or other unique organizational requirements, 

3) Develop an approach to help measure the impact of FITARA over time. 

4) Provide feedback on cross-cutting issues raised from the agency self-assessments 
and implementation plans. 

5) Plan for a first-year review and update based on lessons learned and feedback 
regarding the implementation of FITARA and measures of impact. 

It is ACT-IAC’s objective to help the government through the process of implementing 
FITARA by providing a set of tools that aid an agency leadership and the CIO in 
establishing proven and practical budget, governance, and delegation models to 
effectively manage the agency’s IT. 


Accountability and Measuring Success 

The recommendations above can help agencies ensure that they develop a FITARA 
implementation plan that is appropriate for their agency and that has the promise to help 
the agency manage IT acquisition and operations more effectively. But ultimately, 
success will be dependent on two additional factors: 

• The competency of the agency CIO 

• The level of support provided to the agency CIO by the agency leadership. 

The level of change required in most agencies to properly implement FITARA is 
significant and the agency CIO needs to have the leadership, management, and political 
experience to drive this change, as well as a deep understanding of IT management. Yet I 
must reiterate that while FITARA places a great deal of attention on the authorities of the 
CIO, care must be taken to also reinforce the partnering expectation by holding the CIO 
accountable for partnering with others in the agency, especially mission owners and the 
other CXOs. There is some concern that CIOs will use their new authorities to become 
authoritarian. That will not work. The key is having the agency CIO have vision and 
provide leadership in all IT matters, but also work to build consensus throughout the 
agency leadership team. 

In terms of accountability, it has to start with the Administration and rests with OMB and 
the agencies. In particular, OMB must help ensure that the agency CIOs have the 
capability to perform their job and have the support from agency leadership to give them 
the chance to drive the required change to effectively implement FITARA. Further, the 
agency leadership must be supportive of the agency CIO, having the individual’s back, 
particularly in agencies that are operating in a federated environment (this is particularly 
an issue in the cabinet-level departments). Congress, and in particular the House 
Committee on Oversight and Government Reform through your Subcommittees can 
support these efforts by demanding aggressive implementation of FITARA by agencies, 
development of measures for assessing FITARA’s impact, and transparency in reporting 
of ongoing progress, while also highlighting obstacles in agencies to be overcome. 
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The benefits of FITARA implementation will take years to realize, so while we need to 
move aggressively to implement FITARA, we also need persistence and patience. My 
experience in government has shown that the implementation of significant change takes 
two years, and the benefits of that change really being felt in year three and beyond. The 
cultural change is the longest to implement and we undermine the ability to affect 
significant positive change if we expect to shorten the timeframe for success to take root. 

In regards to defining how to measure success, I turn back to GAO and the placement of 
IT acquisition and operations on the GAO High Risk List. In that report**, I was pleased 
to see that GAO documented a set of concrete evaluation criteria; 

• 0MB and agencies should, within four years, implement at least 80 percent of 
GAO’s recommendations related to the management of IT acquisitions and 
operations. 

• Agencies should ensure that a minimum of 80 percent of the govemmenf s major 
acquisitions deliver functionality every 12 months. 

• Agencies should achieve no less than 80 percent of the more than $6 billion in 
planned PortfolioStat savings, and 80 percent of the more than $5 billion in 
savings planned for data center consolidation. 

Those are high bars, but GAO is not asking for perfection. And the targets are specific 
enough that an Administration can drive action in each of the areas, set measurements 
and objectives by year, and track progress. The implied four-year time frame is 
aggressive but not impossible. 1 would recommend that in addition to these success 
measures, that each agency develop a set of success criteria that are oriented toward 
measures of how IT can more effectively support the mission and business outcomes of 
the agency. These addition measures will help ensure the agency CIO is focused on both 
making IT more efficient, but most importantly, on how IT can to help an agency do its 
job more effectively. 


Conclusion 

This government and the current Administration have a golden opportunity to set the 
correct foundation for success implementing FITARA, so that when leadership for the 
next Administration arrives, the critical elements of FITARA are already taking root. If 
that happens, it will be natural for the next Administration to build on that foundation to 
drive significant success in IT acquisition and operations. Yet FITARA, while helpful, 
is not in of itself going to fix what ails federal IT. We need sustained leadership focus 
and commitment. I am pleased to see such leadership currently coming from both 
Congress and the Administration. It is critical to make enough progress during the next 
18 months to ensure that leadership commitment to FITARA is sustained into the next 
Congress and Administration. 

Thank you for the opportunity to testify today. 


* GAO, High-Risk Series: An Update, GAO- l.S-290: Published; Feb 1 1 . 20 1 .A Pubiiclv Released: Feb 1 1 
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Mr. Hurd. You can’t have a conversation on FITARA without 
comments from the distinguished gentleman from Virginia. 

I’d like to recognize Mr. Connolly for 5 minutes for opening re- 
marks. 

Mr. Connolly. Thank you, Mr. Chairman, and thank you for 
being so gracious. I want to thank you and the committee for hold- 
ing today’s important hearing to examine the implementation of 
the bipartisan FITARA Act, or as we often prefer up here, Issa- 
Connolly. FITARA is the first major reform of the laws governing 
Federal IT management and procurement since the enactment of 
the Federal Clinger-Cohen Act of 1996. And I want to take a mo- 
ment to recognize the leadership of our former colleagues. Bill 
Clinger and Senator William Cohen. 

Today there’s widespread agreement that the text of the Clinger- 
Cohen Act was quite good and that the 1996 law held the potential 
to be truly transformative. However, in retrospect it is clear that 
the Clinger-Cohen Act, while establishing a solid statutory frame- 
work unfortunately fell short of achieving its full potential. There 
is also consensus that the primary weakness of that act was not 
the bill itself but actually its inadequate implementation, which 
was exacerbated by the absence of congressional oversight at that 
time. The latter being an unfortunate result in part of both authors 
departing Congress shortly after the law’s enactment. That’s why 
today’s oversight hearing, Mr. Chairman, is so important to change 
that pattern of history. 

With the history of Clinger-Cohen in mind, and as the co-author 
of FITARA, I’m committed to doing everything on our part to guar- 
antee that we do not repeat the implementation mistakes of the 
past. And I’m so delighted that my colleague in arms, Mr. Mead- 
ows, shares that commitment. And I know Ms. Kelly does, and I 
know you do, Mr. Chairman, and that’s great. And I know Mr. Issa 
has not lost interest in this either, although he’s now in Judiciary 
Committee making music over there. 

We have to make sure that the FITARA implementation is not 
Clinger-Cohen 2.0. Congress must and will diligently monitor its 
implementation and won’t accept unnecessary delays, improper 
half measures, and the stubborn preservation of the status quo. 
The good news here, though, is that the administration is on our 
same page. And I’m so pleased that the FITARA implementation 
has gotten off to a tremendous start in no small part due to the 
efforts of the four people in front of us. 

I want to commend the leadership, particularly the Office of 
Management and Budget, including our excellent witnesses today. 
In many respects, the FITARA guidance that they’ve issued is one 
of the best policy publications I’ve ever seen. It’s enthusiastic, it’s 
clear, and it is with the program. We’re not fighting at all. From 
its content to the collaborative nature in which it was developed to 
the innovative and transparent manner in which it was published, 
OMB’s efforts to implement FITARA truly represent a best practice 
and new milestone in good government. And I’m so pleased that 
since FITARA’s enactment the administration’s demonstrated full 
recognition of the importance of effective implementation. 

As 0MB noted in its proposed guidance, “FITARA is an historic 
law that represents the first major overhaul of Federal information 
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technology, IT, in almost 20 years.” I’m also pleased that GAO rec- 
ognizes the potential to achieve billions of dollars in cost savings 
and cost avoidances by strengthening agency CIO authorities and 
promoting the elimination of wasteful and duplicative IT systems. 

At a February 2015 hearing held by our committee, the Honor- 
able Gene Dodaro, the comptroller general explained GAO’s ration- 
ale behind designating improving the management of IT acquisi- 
tions and operations as a new government-wide high risk area, 
stating, “One of the reasons we put IT acquisitions and operations 
on the list is in order to elevate attention to make sure that 
FITARA,” and, he says, “Issa-Connolly is implemented effectively.” 
God bless Gene Dodaro. 

Moving forward, there’s bipartisan, bicameral support for fully 
implementing FITARA. A vast majority of members, I think, share 
the goal of dramatically curbing wasteful IT spending on anti- 
quated IT systems and want to promote management practices 
that will prevent agencies from wasting billions of taxpayer dollars 
on IT boondoggles that fall years behind schedule and appear a 
staggeringly poor performance with shockingly high costs. 

There’s also a recognition that Federal policymakers and agency 
administrators must cease relegating IT management to the cellar 
of an agency’s organizational hierarchy. The bottom line is that 
FITARA’s enactment represents the long overdue recognition that 
in the 21st Century effective governance is inextricably linked with 
how well government leverages technology. This reality of modern 
government underscores why it’s incumbent upon both branches of 
government to work together in a pragmatic fashion to ensure we 
take advantage of the opportunities this legislation, I believe, af- 
fords us. 

So in closing, Mr. Chairman, I want to take a moment again to 
express my sincere gratitude and appreciation to the leadership of 
this committee and our subcommittees and to 0MB and GAO espe- 
cially in elevating the importance of this issue and the implementa- 
tion of FITARA. 

Thank you. And I look forward to having a chance to dialogue 
with the panel. 

Mr. Hurd. Thank you, Mr. Connolly. 

Mr. Hurd. And now it’s a pleasure to recognize my colleague 
from North Carolina, Chairman Meadows, for 5 minutes. 

Mr. Meadows. Thank you, Mr. Chairman. Thank each of you for 
your opening statements. I will apologize up front. I actually have 
another meeting I was supposed to be at 15 minutes ago. So the 
chairman was kind enough to let me go ahead with some of my 
questions. 

So Ms. Rung, let me start with you. With regards to these legacy 
systems that are out there, a lot has been talked about in terms 
of where they are, how much we’re spending. How can we from a 
procurement standpoint allow a redo or a start over. We’ve got 
FITARA, we’ve got a number of these others, but it’s all in the im- 
plementation as my good friend Mr. Connolly just outlined. What 
can we do to make sure that we are not sitting here 2 years from 
now with the same problem? 

Ms. Rung. Thank you for the question. As my colleague stated, 
you know, IT acquisition spend is approximately $80 billion a year. 
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So this is an important space for us to tackle, and I appreciate 
GAO’s work in this area, and in particular in putting it on a High 
Risk List because it lends a energy and focus to some of our efforts 
to really address this area. 

When I think about IT acquisitions, I really think of it in two 
buckets. Really, there is the IT systems, which is a much different 
strategy in tackling that area, and I also think of IT commodities 
where we are really focused on how can we be more efficient. 

In the IT systems area, what I hear consistently from industry 
is that the issues and challenges start at the requirements phase. 
Right? Really early in the process. And a couple things we’re doing 
in this space. I think it all comes down to the acquisition and IT 
workforce and do they have the skills and training to know how to 
put these acquisitions together. We’re developing for the first time 
a specialized IT acquisition team. When I started in this job, I sat 
down with our former CTO, Todd Park, who talked about the suc- 
cess of the digital services team. But these are primarily tech- 
nologists from Silicon Valley. He stated that we should be thinking 
about the acquisition equivalent of this. 

From that point on, we started to collaborate, along with my col- 
league Tony Scott, the Federal CIO, on creating a first certified 
digital IT acquisition team. We’re going to start by pulling career 
employees, career contracting officers, from the agencies. We’re 
going to put them through a training we’re developing in partner- 
ship with industry, and we’re going to send them back to the agen- 
cies early next year to really provide a hands-on approach in devel- 
oping these acquisitions and thinking about can we write these re- 
quirements in a more agile way. To be more specific, oftentimes I 
hear from industry that our requirements or statements of work 
are several hundred pages long and overly government oriented 
and overly prescriptive, and then they are required to submit pro- 
posals that are several hundred pages long. 

What we’d like to move to through this new team is thinking 
about a more succinct statement of objectives, thinking about hav- 
ing industry submit short concept papers, and really trying to ap- 
proach these acquisitions in a more modular manner, and I think 
that will have a significant impact in the IT system space. 

Mr. Meadows. All right. So let’s assume that we do that and we 
take that and we break it down. Is there not a danger of looking 
at the old way that we’ve done acquisitions, whether it’s procure- 
ment or getting rid of the systems that we’ve had that we run 
home again to that safety blanket and say: Well, we’re willing to 
come half way. You know, instead of it being a 100-page RFP, it’s 
an 80 page. How do we make it more results driven? 

As a business guy, you know, all I wanted to do is perform a par- 
ticular function and do it as effectively as we can, and yet we some- 
how seem to continue to run back to FORTRAN and COBOL kind 
of systems to keep them running. 

Ms. Rung. That’s a great question. How do you have an impact 
in such a large complex space that represents overall $450 billion 
in spending where I have 3,300 different contracting offices across 
the globe. So how do you really make an impact and tiy to drive 
change? I think FITARA represents a major transformation in how 
we think about IT acquisitions. The way I’m approaching it is 
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thinking about our efforts like a start-up company, and I’m focus- 
ing on a small team of people. 

I know that the first time that I develop this program to create 
a new specialized team or a new specialized IT cadre, I may not 
get it exactly right. I want to put them through this training that 
we’re developing and partnership with industry. I want to send 
them back to the agencies to provide that hands-on assistance, but 
most likely I’m going to tweak that, and I want to scale it up over 
time. And I think what the digital service team has shown is that 
a small group of people can have a huge impact in this area. 

Mr. Meadows. I see I’m out of time. So I’m going to yield back 
to the chairman, but I would like the GAO, if you can let us know 
how we can help. You mentioned oversight being the critical com- 
ponent, how we can know whether we’re making progress or not. 

A matrix, you know, best performers, worst performers, whatever 
we can do, if you would do that, and I won’t ask you to respond 
to that, but I’ll yield back to the chairman. Thank you. 

Mr. Hurd. Thank you, Mr. Chairman. 

Now I’d like to recognize my friend and ranking member, Ms. 
Kelly, for 5 minutes. 

Ms. Kelly. Thank you, Mr. Chairman. 

OMB’s guidance will help agencies establish effective oversight of 
the management of their IT investments and resources. 

Mr. Scott, what is the desired outcome of the enhancements to 
agency oversight of IT resources? What benefits can be anticipated? 

Mr. Scott. I think there’s a number of what I’d call success fac- 
tors that we should look to over time as FITARA and the other 
things that we’re doing get implemented. 

The first one I think is faster delivery of needed capability. In 
this world, speed of delivery is everything. And as is probably obvi- 
ous, in most cases when you do things faster, you’re limited in the 
amount of money you can spend doing it, and so there’s a double 
benefit. 

The second thing I would say is efficiency of spend. And there 
are a number of different ways that we can measure that. I would 
then look to being on time and on budget as a classic measure. I 
don’t think that goes away. We also have to make sure that the 
systems we deliver and the capabilities and infrastructure that we 
deliver are secure. And there’s ways that we will measure that. 

And then I think we have to look at the underlying components 
our infrastructure and delivery capability, and make sure that’s 
also modern. I think measures in each of those areas are the things 
that I would look for. 

Ms. Kelly. Let’s speak a little bit about transparency. The guid- 
ance also provides for increased transparency and accountability of 
agency management of IT resources. So what are some examples 
of increased transparency regarding IT acquisitions and operations, 
and how will increased transparency contribute to effective con- 
gressional oversight? 

Mr. Scott. Well, the first thing you’ll notice is in August of this 
year each of the agencies will be required to submit their self-as- 
sessment plan and their plan for FITARA implementation. And 
that will be made public and certainly we’ll be all over it, and I’m 
sure this committee will also be looking at it along with GAO and 
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others. And that’s the first in a set of reports and deliverables that 
come out of FITARA. 

In addition, we’re going to keep doing the PortfolioStat, TechStat, 
and CyberStat reviews that we do, and as was already mentioned, 
we have improvements under way to the IT dashboard as well. So 
I think all of those will help both with the timeliness but also the 
visibility and transparency of how this goes. 

Ms. Kelly. You said you’re sure this committee will be all over 
it, but why do you think the GAO believes congressional oversight 
is so essential? 

Mr. Scott. Well, I think in this particular case, as there’s a huge 
amount of transformation taking place in the IT industry and every 
business, government, and institution getting this right is table 
stakes for all interests, and I think given the various roles that the 
parties that you mentioned play, it’s important that we have each 
of those perspectives in on this and that it’s shared broadly across 
the community of interest. 

Ms. Kelly. My colleague. Ranking Member Connolly, a co-author 
of this legislation, has repeatedly expressed a need for congres- 
sional oversight of the implementation of FITARA to help ensure 
the improvement it directs are achieved government-wide. 

Mr. Powner, what is at risk if congressional oversight is not 
maintained on agency implementation? 

Mr. Powner. Well, Ranking Member Kelly, I think if you look at 
the history, and it was mentioned here going back to Clinger- 
Cohen, the history of implementing effectively, going back to 
Clinger-Cohen, OMB’s recent initiatives — our high risk area and a 
lot of FITARA is OMB’s own initiatives that haven’t been imple- 
mented to completion. That’s the bottom line. And history tells us 
that if you leave it up to the administration, 0MB, and the agen- 
cies, it doesn’t work as well. But if you have Congress overseeing 
key areas to ensure that there’s cost savings, a good area is incre- 
mental development. We all agree that we ought to go smaller to 
help with the delivery. 

If we got real serious about incremental development and imple- 
mented OMB’s 6-month policy, maybe we shouldn’t fund projects 
either from an appropriation perspective or from OMB’s perspective 
that they can’t deliver within the budget year. Let’s look real hard 
at not funding those projects. They should deliver something within 
the budget year. 

Ms. Kelly. Mr. Scott, do you agree? 

Mr. Scott. I think many, many projects lend themselves to that 
kind of short incremental development, but I would say we have to 
be a little bit careful there, and I’m not trying to, you know, put 
a wet blanket on any of this. I think there’s much more opportunity 
for us to do that than others. 

And so I strongly endorse that trend, but I think one of the chal- 
lenges that I see already is there’s already a funding sort of quag- 
mire in the way some projects are managed, and one of the things 
that I do know greatly impacts the success of a project is if there’s 
a lot of start/stop, start/stop, start/stop, that leads to a ton of ineffi- 
ciency and so on. So I’d prefer to see a mechanism that, you know, 
if the programs are meeting its goals and its deadline, there’s not 
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uncertainty about funding, and if there’s problems, then you yank 
the cord. 

Ms. Kelly. I’ve run out of time. So thank you, but I look forward 
to working with the members of this committee to provide effective 
oversight of the implementation of FITARA reform to help ensure 
that needed improvements are achieved. So thank you all very 
much. 

Mr. Hurd. Mr. Walberg, 5 minutes is yours. 

Mr. Walberg. Thank you, Mr. Chairman. 

Mr. Powner, CIO integration into the IT investment decision- 
making process, as we have discussed here, is key to successful im- 
plementation of FITARA. How do we ensure that the CIO is actu- 
ally integrated into the IT investment decision and the process as- 
sociated with that within each agency and department? 

Mr. Powner. I think that’s the key question. When you look at 
FITARA, that’s the first provision and probably the most important 
is enhancing the CIO authorities. I think 0MB deserves a lot of 
credit for their common baseline in what they’re attempting to do 
to elevate the CIO authorities within each agency, ensuring that 
they’re part of the budget approval and execution process. But 
you’re absolutely right, and as Mr. Spires mentioned in his state- 
ment, there’s some agencies that are going to really struggle with 
that because of their current setup. The way they’re currently set 
up, they don’t necessarily have that budget — that oversight of the 
budget approval and the execution to have the appropriate govern- 
ance processes that Richard referred to. So that’s the challenge. 
That is the challenge. 

So first of all you need the appropriate processes, but we also 
need the appropriate people. And I think one of the things hope- 
fully with FITARA, it’s going to attract even a better breed of CIOs 
into the Federal Government, if in fact it’s a real CIO job. Some 
of the CIO jobs in the Federal Government aren’t CIO jobs that you 
have in the private 

Mr. Walberg. So it’s not encouraging. 

Mr. Powner. Well, it can get a lot better, and clearly we have 
pockets of success. There are pockets of success that we can learn 
from where there are the appropriate authorities, and I think with 
the common baseline, it’s a step in the right direction, but it’s going 
to take time, and I think, again, your congressional oversight, 
when you look at these plans to fill the gaps that agencies have on 
the common baseline, that’s going to be really important that we 
implement that effectively. 

Mr. Walberg. Mr. Scott, before I go to Mr. Spires to respond to 
that and add to it, Mr. Scott, responding to what Mr. Powner just 
ended his statement with, carry on with that thought. 

Mr. Scott. Well, I totally agree this is all about, you know, hav- 
ing capable and competent people. And I’ve added it as one of the 
priorities for my team in terms of things that we are spending a 
lot of time on. 

So it’s looking at talent across the Federal Government, making 
sure that there’s good development experiences for the talented 
people that are working in these roles, that they get exposed to 
multiple kinds of organizations and the broad set of things that are 
required of a CIO in a big organization. I think that’s an important 
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part of our responsibility as leaders to make sure that when we’re 
gone, the next generation of leadership is in place and has the 
right skill sets to do the jobs that we’re asking of them. 

Mr. Walberg. And the expectations on them and the account- 
ability as well. 

Mr. Scott. Right. 

Mr. Walberg. Yeah. Mr. Spires. 

Mr. Spires. Yeah. I certainly would echo the thoughts about the 
importance of having the skill sets. I would pick up on this idea 
of having the proper support. You know, it’s critical that the CIOs 
are empowered to be able to do what they need to do within these 
agencies, and particularly in those agencies that have federated en- 
vironments where there’s not just one single CIO organization, or 
IT organization. 

And I think that’s even incumbent upon 0MB and the adminis- 
tration to make sure that that happens and that the support is 
there from the agency leadership to enable that CIO to be effective. 
Because they’re going to be dealing in a federated environment 
with bureaus, CIOs or other heads of IT and other organizations 
in that agency, and that all has to work collectively to be able to 
carry out FITARA in a distributed kind of manner. 

And the good news is that 0MB has done a nice job with their 
guidance of laying out ways in which you can set that model up. 
But there are proven models to be able to work in that federated 
environment. So it’s also going to be incumbent upon 0MB to make 
sure that those agency models fit the agency well. And they’ve got 
a process for that review. I don’t know if every agency is going to 
get it right the first time, but I think as there’s an iterative process 
and a real drive to make this happen, over the next 18 months you 
should be able to get these models to work well. 

Mr. Walberg. Ms. Rung, tie the bow on this discussion here 
from your perspective, especially dealing with policy. Policy and 
personnel sometimes run amok. Help us in answering here. 

Ms. Rung. Well, to build upon what Mr. Spires talked about a 
little bit of the challenges of the federated system, what I’ve seen 
is the impact of that on the acquisition space. And without the 
CIOs really having accountability and authority, what I’ve seen in 
the acquisition space is that there are not owners of certain IT 
commodities. For example, mobile devices. No one in the agency 
feels accountability for the mobile devices. So you see lots of dupli- 
cation and a lack of transparency. 

With reference to the workforce and ensuring, you know, we are, 
you know, focusing on the skills of our workforce, I echo everything 
that was said here. I think I approach it in two different ways. I 
mean, one, we want to make sure that we’re holding our acquisi- 
tion personnel accountable for performance. At the same time, I 
want to ensure we’re lifting up and helping to train and strengthen 
our workforce and really recognize the good work that is going on 
across government. 

Mr. Walberg. Okay. 

Mr. Walberg. Thank you. My time is expired. 

Mr. Hurd. Thank you, sir. Now I’d now like to recognize Mr. 
Connolly for 5 minutes. 
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Mr. Connolly. Thank you, Mr. Chairman, but could I just ask, 
if there were colleagues ahead of me before I arrived, I would cer- 
tainly defer to them. 

Mr. Hurd. I would like to recognize Ms. Holmes Norton for 5 
minutes then. 

Mr. Connolly. Thank you. I want to be fair. 

Ms. Norton. Well, my good friend from Virginia is always fair. 
I certainly appreciate it. 

I went straight to the GAO report because I am particularly in- 
terested in diagnosis. We have the bill, and we are beginning its 
implementation. I went to page 2, in particular. We hear a great 
deal about IT failures, we hear about them in the public sector, we 
hear about them more often in the private sector. It leads me to 
believe that IT itself should be seen as still a developing science, 
why there is so many failures even from people who lose tremen- 
dously at the bottom line. 

So I’m interested, Mr. Powner, in page 2 of the GAO report, be- 
cause the only thing worse than taking a long time to acquire or 
taking a long time for a system to come online is taking a long time 
and then the whole thing fails. You’ve spent billions of dollars 
down the drain. So on page 2 you list some very costly examples. 
Just to touch on a few. After 5 years, DOD had to just cancel its 
combat support system, or I won’t list them all. 

Nine years, the VA scheduling and replacement project, then fi- 
nally they just, you know, called it quits, but that’s 9 years’ worth 
of money. Sixteen years, they should stick with them a long time. 
This is the tri-agency weather satellite program, a number of agen- 
cies in on this one, $5 billion in 16 years. 

Now, so my first question is, is this kind of failure typical of 
large scale operations, or should we look for it in the public and 
private sector? I mean, are these — is this simply IT finding its way 
in truly large scale systems, because we see large scale systems in 
the private sector going overboard too, with far worse con- 
sequences. 

So first I want to know what’s wrong, or are we in such a devel- 
opmental stage that somehow these agencies, you know, they ought 
to stick with these things. I mean, we are in for a dime, we are 
in for a dollar, we’re in until somebody throws us out, and why 
don’t they get out sooner? Why do they spend the last dollar before 
they decide this just isn’t working? And what can we do about it? 
Will FITARA do anything about it? 

Mr. Powner. Yeah, there’s aspects of FITARA that would help 
greatly. So first of all, again. I’ll emphasize incremental certifi- 
cations by the CIOs of major IT systems. I agree with Mr. Scott’s 
comments. Some of them you can’t go real small, but you can do 
it with a lot more. 

Best practices, we’ve done a lot of best practices work on success- 
ful acquisitions. These are failures, and I can tell you about each 
one of them, but the successful ones, they typically all go small. 
The other thing is. I’m going to re-emphasize the TechStat process 
that 0MB implemented right after the dashboard went live. There 
were about 50-some projects, 70-some meetings, and there were a 
lot of these projects that were halted, descoped, corrected, and 
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there was great progress to the tune that 0MB says $3 billion were 
saved. 

We need to go back to looking at these projects, because within 
agencies there’s a reluctance to stop a project. I have a report com- 
ing out next week on a Department of Agriculture project. It’s list- 
ed back in my testimony as something to look. You could add it to 
the failed list right now. 

Ms. Norton. What’s the reluctance? What’s the reason for the 
reluctance? 

Mr. PowNER. The reluctance is to not acknowledge that we have 
these problems and to think that we can fix them. 

Ms. Norton. Will the CIO help that? 

Mr. PoWNER. The CIO should help with that, and I think some- 
times not just terminating or canceling, but sometimes we can 
descope and have course correction on them. That’s where these 
TechStat meetings with the right governance models can really 
help. And so we saw it right after the dashboard went live with 
OMB’s meetings. It was a successful time correcting a lot of these 
troubled projects. 

Ms. Norton. I can’t help but ask you when we just had this $4- 
, I don’t know, million-dollar employee breach at the 0PM. We’ve 
had one of those you list, it’s a little less costly, was the retirement 
system, and that’s been one of the 0PM retirement system, that’s 
been one that’s been before this committee over and over again as 
a failure. 

To what do you ascribe what happened to the 0PM? 

Mr. PowNER. With the retirement systems, I looked at that years 
ago. 

Ms. Norton. The retirement system and the collapse reported 
last 

Mr. PowNER. There has been multiple starts and stops on that 
retirement system at 0PM. I think we try to do too much. Why 
don’t you start with the really simple retirement, a very simple em- 
ployee, you know, stay at one agency and you start small and you 
deliver. I know when Mr. Spires was at IRS, he finally did process 
tax returns on a modern platform. You know what he did? He took 
a 1040EZ and did it. He went small and simple, and then they 
grew it, and everyone at IRS said, look, wow, we’re now processing 
on a modern platform. No one really cared it was only a 1040EZ. 

We tried to do everything with the retirement system replace- 
ment. Again, going small really would help. I don’t want to simplify 
this too much, but that would be a huge step in the right direction. 

Ms. Norton. Yeah we should do pilots on a lot of things. Why 
not on this? Thank you very much, Mr. Chairman. 

Mr. Hurd. Actually, I want to pick up on that topic. I recognize 
myself for 5 minutes, and maybe, Ms. Rung or Mr. Scott, this is 
appropriately directed to you. 

How do we hold people accountable for this stuff, right? You 
know, when people that are consistently on this high risk report, 
right, you know, when we had a conversation, a hearing on this 
topic earlier this year, I asked Gene Dodaro had anybody ever been 
fired for cost overrun and time overrun? And he said he couldn’t 
remember that. 
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And so, you know, the question is, is it the procurement officers, 
is it the line management officers? You know, on IT projects, does 
FITARA give the CIO enough power and authority in order to 
bring to bear some real consequences if these type of projects con- 
tinue to go? And Mr. Scott, I’ll open that one to you. 

Mr. Scott. Well, I think it does, and I think — ^but let me answer 
the question by leading up to it a little bit. 

Many of these projects, the failed ones that are, I think are noto- 
rious, you could sort of look at in the beginning and say what are 
the chances of this succeeding, and you could put a risk factor on 
that and you’d say, not high because it’s too big, too complex, you 
know, not organized the right way, you know, there’s a whole list 
of things that, you know, you could, you could probably criticize. 

And so I think that holding people accountable starts with what’s 
the design, what’s the intent of these things in the first place and 
making sure that there’s good engagement across the agency lead- 
ership, including the CIO, where everybody looking at it says, “I 
think we’ve got a chance of this succeeding because we’ve got the 
right approach, we’ve chunked it up into the right increments of 
deliverables and so on.” 

Mr. Hurd. But how do we, you know, I think it was you, Ms. 
Rung, that mentioned up front that it’s the requirements process, 
so the problem with procurement now is we’re asking, you know, 
describing the problem, and then sometimes in the procurement we 
are describing how the solution is supposed to be implemented and 
even including specific technologies, which is eliminating a lot of 
folks, you know, entrepreneurs, creativity, by also defining, you 
know, the solution to the problem. 

Ms. Rung. I think that’s absolutely correct. I mean, my goal is 
to get to a point where we don’t have to hold anyone accountable 
because the IT acquisition was a success, right. We want to fix and 
identify — identify and fix these issues way before we get to the 
point where we’re calling for heads to roll. 

And you are indeed correct, that many of these problems start 
at the requirements phase. And I think it’s quite literally training 
people in how to do these acquisitions in a much more agile way 
and how to write these acquisition requirements and providing that 
kind of hands-on assistance and getting to these acquisitions early. 

Mr. Hurd. Mr. Spires, question to you. Would could be the bar- 
riers of implementation with these lists with FITARA? Are there 
going to be CIOs across the agencies that actually don’t want this 
authority because it’s going to change the way they do things and 
they’re going to actually have to do work now? How do you address, 
you know, a reticent person from, you know, actually having to do 
their job? 

Mr. Spires. I’m not going to put it all on the CIOs. I think what 
we face is cultural issues within many of these agencies. Many of 
these organizations, and I don’t want to just pick only on the fed- 
erated ones, but clearly the federated ones face this. They are used 
to a certain level of autonomy, and particularly in a lot of these 
programs. So you’ll have major programs that have a lot of IT, but 
the mission people don’t view them as, “IT programs.” 

And that’s been an issue because then you actually have situa- 
tions where you’re not using even close to best practice, you don’t 
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have the right kind of skill sets involved in oversighting these 
projects, and — I mean, we can bet what happens in those cases. So 
to me, what I like so much about FITARA and what I like about 
what 0MB has done to date with the implementation guidance is 
this notion that, yes, we are going to empower the CIO, we are 
going to hold that individual accountable, and that individual with- 
in their organization is down the line going to have to make sure 
that these programs are set up for success. 

I’ve overseen a lot of programs, and I would echo what my col- 
leagues just said from 0MB, if you don’t start right, you are almost 
doomed to failure. And I would much rather us start and say, oh, 
got to stop right away because we don’t have the right people on 
board or we don’t have the right acquisition strategy or the right 
procurement strategy. Let’s get those things right out of the gate, 
then the success can happen. I’ve seen it time and time again. 

And to Mr. Powner’s point, you’ve got to start small, have small 
wins, and then build off of that. 

Mr. Hurd. Thank you. Now, Mr. Connolly. 

Mr. Connolly. Thank you, Mr. Chairman. And again, welcome 
to our panel. The Project on Government Oversight, POGO, is a 
nonpartisan independent watchdog organization, and it noted last 
month the FITARA is, “meant to strengthen the role of each agency 
CIO and executive responsible for all IT systems in the agency as 
well as to increase transparency in how IT funds are spent.” How- 
ever, the Department of Energy’s 17 national laboratories would 
apparently prefer that this oversight and accountability require- 
ment not apply to them. 

The 2016 Senate Energy and Water Development Appropriations 
bill actually includes an amendment that would exempt the energy 
department’s national labs from key requirements of FITARA and 
the bill’s predecessor, Clinger-Cohen. 

I wonder if you might comment on this whole issue of carve-outs 
because I’m sure 0MB has been getting some request for carve- 
outs. We have here, too. And my view is, gee, we haven’t even 
learned how to walk yet. We are just getting to guidelines of imple- 
mentation. It’s awfully premature to be deciding we need to be 
carved out unless maybe you’ve got something you’re worried 
about, but I’d be interested in your professional opinion, what 
about this situation with carve-outs? 

Ms. Rung. I’ll start. So I appreciate the question. You know, we 
are certainly anxious to talk to the agencies if they have concerns 
and work with them to address their concerns. 0MB has formally 
stated that they find the proposal to carve out the Department of 
Energy labs highly problematic. And it’s our viewpoint that 
FITARA is a tremendous management tool for the agencies, and we 
are not keen on carving out the Department of Energy labs. 

Mr. Connolly. Mr. Powner, any view from GAO? 

Mr. Powner. Yeah, this is not the time to carve out. If you look 
at OMB’s guidance, I think there’s some flexibility in how you set 
this up when you have federated organizations, and the labs are 
quite federated. But when you look at, you know, what they’re in- 
tending to do with that, that the CIO at DOE doesn’t have the ex- 
pertise, or FERDC shouldn’t be included, or R&D should not be in- 
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eluded, if you step back and look at that, it probably should be in- 
cluded. 

R&D tied to IT should be under the CIO’s authority, and when 
you really look at — we ought to let this bake awhile and not imme- 
diately start carving out. 

Mr. Connolly. Just to caution. What’s happening is people 
wanting carve-outs are coming up here and seeking legislative re- 
dress before we’ve even implemented the bill that was just signed 
into law in December and giving “chutzpah” a whole new dimen- 
sion of meaning. 

At any rate, I think it’s worthy of your note and ours as well. 
We need to resist that temptation because I agree. It was designed 
to be a useful management tool that can save you money and make 
you more efficient. It’s not an adversarial bill, and let’s give it some 
time to marinate. 

CIOs, and I’ll address this to you, Mr. Scott, and you, Mr. Spires, 
particularly, there are 250 people roughly, or when we wrote the 
bill 250 people with the title “CIO” spread out over 24 agencies. No 
private corporation would tolerate that. I don’t care how big. When 
I go in my district and I meet with little and big companies, I kind 
of ask, you know, how many CIOs have you got, and they all look 
at me like, well, one. Not the Federal Government. 

So we didn’t mandate by fiat you can only have one, but we tried 
to create incentives to infuse one person with authority and ac- 
countability and the flexibility in making decisions. I wonder, what 
is your take on that and how we ought to evolve, and Mr. Spires, 
you was one, and so I’d be interested particularly on your take on 
it. 

Mr. Scott. Well, I’ve actually worked in an organization that 
had multiple CIOs that was, you know, a fairly large enterprise. 
It wasn’t 200, but you know, there was more than one, you know, 
in divisions and then corporate CIO and so on. And my response 
would be, I think you’re on the right track. The important thing for 
us is to clearly define what the roles and responsibilities at the 
agency level are and then what the authorities are that they can 
delegate to others, and whether their title is CIO or chief bottle 
washer or whatever it happens to be, make sure where those ac- 
countabilities lie. 

Mr. Spires. Yeah, I certainly agree with Mr. Scott. And I would 
just add to that that I don’t think it’s necessarily bad, given how 
large some of these agencies are. I mean, like the one I was at. 
Homeland Security, it makes sense to have a federated model. You 
want an IT organization at a component level, as we call them, 
that really gets to understand the mission, needs, and understands 
that leadership team, and works closely with them. I think where 
we’ve gone awry, though, is that many of those components or bu- 
reaus at Treasury and the like, they view themselves as having to 
do it all. And what we need to do is move to a model where particu- 
larly when it comes to the commodity or infrastructure IT ele- 
ments, where we can leverage by empower the Federal Govern- 
ment, we need to start do much more of that and to really start 
to reduce duplication. 

That’s the other big point is we talk a lot about spending on leg- 
acy, but a lot of that is on systems, and when you start counting 
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them up, and Mr. Powner here can comment on this, you know, we 
have way too many systems overall. And the way to start to reduce 
those is through good governance, through strong leadership at the 
agency level that’s driving that simplification, which not only saves 
us a lot of money, I think it makes you run much more effectively, 
and it makes you actually a lot more secure, which is also a really 
key issue. 

Mr. Connolly. Thank you, Mr. Chairman. 

Mr. Hurd. Thank you. And I’d like to recognize my colleague 
from Iowa, Mr. Blum, for 5 minutes. 

Mr. Blum. Thank you, Mr. Chairman, appreciate it, and thank 
you very much to the panel for being here today and sharing your 
expertise and your insights with us. 

I have a question for Mr. Powner. Since 2010, the GAO has made 
737 IT-related recommendations. As of January, only 23 percent of 
those have been fully implemented. And I come from the private 
sector, and I am a career businessman. If this happened in my 
company, heads would roll. Can you tell me. A, what that number 
is today, and B, what, in your opinion, accounts for that delay? 

Mr. Powner. Yeah, I don’t have an exact updated, slightly high- 
er but not much, just a few percentages. You’re absolutely right, so 
here’s the challenge. When we make recommendations, we give 
agencies about 4 years that we follow up on a 4-year basis fairly 
aggressively to see if those recommendations are indeed imple- 
mented. Those 700-and-some recommendations do not include all of 
our information security, so that’s just tied to IT management type 
things, so there’s room for great improvement. 

One of the things we’re doing — I know the Comptroller General 
Gene Dodaro, we’ve prioritized those recommendations by agency, 
and most of the priority recs do include several of these IT areas 
where there is 10 to 15 recommendations going to the heads of de- 
partments and agencies to really highlight the importance of imple- 
menting those recommendations going forward. 

So again, you’re absolutely right. It’s a great challenge. We’re 
trying to do our best. At times, you know, some of the congressional 
oversight, you guys can help us with that, too, lean in on some of 
these agencies to be more focused on our recommendations. Hear- 
ings like this greatly help. 

Mr. Blum. I mean. I’m almost afraid to ask this, but are these 
not being implemented because we’re understaffed or is it because 
the head of the agency doesn’t view them as particularly impor- 
tant? 

Mr. Powner. I think it’s a combination of things. I think some- 
times there it’s competing with priorities, no doubt, to be fair to 
some agencies, but also, too, I think there needs to be intense 
focus. Here’s what happens. We go in and do a review, make rec- 
ommendations. Many times you can go into that same agency 3 or 
4 years later and we make the same recommendations all over 
again. And so that’s where we just need, again, more aggressive 
followup, and it needs to be more of a priority at some of these 
agencies. 

Mr. Blum. Will FITARA help address these delays, in your opin- 
ion? 
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Mr. PowNER. We greatly hope so. So as an example, I’ll tell you 
this. Data Center Consolidation is a great initiative, and we saved 
about $2 billion with Data Center Consolidation to date, but there’s 
a lot of agencies that think they’re done. We have $5.5 billion that 
we can continue to save, but we need focus on our recommenda- 
tions. I highlighted six agencies in my oral statement that, frankly, 
they had a lot of consolidations with very little associated savings, 
and we highlighted that and made those recommendations, so 
we’re going to continue to drive forward on those recs. 

Mr. Blum. Are there deadlines given like there would be in the 
private sector, given to resolve some of these recommendations that 
have been made, the 737? Do the department heads or agency 
heads give deadlines? 

Mr. PowNER. Department heads and agencies are required with- 
in several months to get back to us on our recommendations after 
we write a report, and then, you know, typically, they are not im- 
plemented in that period of time, but again, then they are on the 
hook to report back to us on implementation. Again, we track them 
over a 4-year period. There are exceptions made typically by the 
comptroller general that he will extend that 4-year period for very 
important recs. 

Mr. Blum. Thank you. And my next question is to Mr. Scott, who 
was in the — or is in the private sector currently, I believe. 

Mr. Scott. Was. 

Mr. Blum. Was in the private sector. If you can just comment, 
Mr. Scott, briefly about the difference — is there a difference in find- 
ing qualified people for the private sector versus finding qualified 
people for the public sector? 

Mr. Scott. I would say there’s probably two issues that I would 
talk about in that space. Yes, it is difficult both in the private sec- 
tor and the public sector. The public sector has some additional 
hurdles associated with it, hiring authorities and so on that I know 
this committee and others have addressed over a period of time. 

Mr. Blum. Are any of those hurdles culture? 

Mr. Scott. I’m sure there are some. I’ve only been here 4 
months, so I’m not deeply steeped in the culture. 

Mr. Blum. I’ve only been here 4 months as well. 

Mr. Scott. Yeah, but I’m sure there are some of those as well. 
But I’ll give you an example out of my private sector experience. 

We looked at hiring, and our ability to get the best talent, and 
one of the things that we discovered was not what we were paying, 
not what the job was or anything else, it was the speed with which 
we could get an offer in somebody’s hands. And so quite often the 
person we wanted would have taken a job with us, but because we 
were slow, ended up taking a job somewhere else. 

And so one of the things I’m looking at are what are the things 
that we can do to be quicker at, you know, getting a job offer in 
the hands of the person that we want. 

Mr. Blum. Very good. Thank you. I’m out of time. Thank you, 
Mr. Chairman. 

Mr. Hurd. Thank you. And now it’s a pleasure to recognize for 
5 minutes my fellow computer scientist and colleague from the 
golden state, Mr. Lieu. 
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Mr. Lieu. Thank you, Chairman Hurd, thank you for calling this 
important hearing. Thank you. Representative Connolly, for your 
work on FITARA, and to the panel, for your public service. Forty- 
five years ago we sent a man to the moon and brought him back, 
so it’s not as if our government can’t contract with very complicated 
systems, but we also didn’t launch. It was only 80 percent ready, 
right? We knew that thing was going to work. And it seems to me 
that, for whatever reason, in the public sector. I’ve noticed that the 
public sector will launch products they know are not ready. 

So the Affordable Care Act was a disaster at rollout, and peo- 
ple — there were people that knew it was not ready and it launched, 
and it’s working well now and testing makes a huge difference. 
They just had to test on more people, figure out the bugs. I’m sure 
Chairman Hurd and I would agree that we’ve never seen a com- 
puter program work the first time. 

And it’s not limited to the Federal Government. In Los Angeles 
County, LA Unified School District had a program that was just 
going to track students, figure out their classes, and where you’re 
going to go, and they knew it wasn’t ready because the papers re- 
ported it wasn’t ready, and they launched anyway. It’s one reason 
the superintendent resigned. 

And you see this happening, and I’m just curious, from your 
view, why is it that that happens? Because in the private sector, 
if Microsoft is about to launch a product and it’s not ready, they 
don’t launch. They push it back. They do more testing. They make 
sure when they launch it to the consumers, it doesn’t crash the 
first time you use it. So I’m just curious, is it that CIOs are not 
trained adequately to know the thing doesn’t work or is it the agen- 
cy heads overriding them, or the CIO is not telling the agency head 
this thing isn’t working? What is causing these launches of prod- 
ucts that don’t work the first time? 

Mr. Spires. Mr. Lieu, I will comment, having not been part of 
the Affordable Care Act launch but having worked at a couple of 
different agencies and seen the dynamics at times within govern- 
ment agencies that FITARA, really I believe, should address. 

And I call it a breakdown in governance, okay, where you end 
up in a situation where the people that actually understand what 
it takes to launch these systems no longer have a say in what actu- 
ally is launched, when it’s launched, how it’s launched. And I hate 
to say it, but I have seen this happen a couple of times in govern- 
ment. And we need to make sure — and that’s one of the paramount 
things about FITARA, is to empower the agency CIO. 

Now, you better have a competent agency CIO, right, but the 
agency CIO that understands IT management that says, what, 
we’re not even — we’re rushing this thing through testing to try to 
get it launched? We know that’s going to fail, right. These are some 
basic things if you build IT systems you learn. Most of us have 
learned the hard way. I’m afraid. 

But these are things that you learn over time, and we need to 
make sure that that governance model is in place. It doesn’t mean 
that the CIO has the ultimate say in everything, and that’s the 
pushback you get, but that individual has a key seat at the table 
so when those discussions are happening, that individual says 80 
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percent chance this is going to fail if we do this. We have to find 
a different way. Those discussions have to happen. 

Mr. Lieu. Under FITARA, if the CIO believes that this system 
is not ready to go, can agencies still launch it? 

Mr. Scott. Well, our guidance is that in the agencies, they do 
the TechStats, and they’re to do monthly reports. So if a project is 
read for 3 months in a row, there’s a mandatory TechStat review, 
0MB is invited to that, and we’d certainly have a discussion at 
that point about whether the program was on track and ready to 
launch. 

So I think that, you know, regular review is one of the steps that 
you would look at. But I also — I actually worked at Microsoft for 
about 5.5 years and saw success and failure in big IT projects and 
so on, and the phenomena that Mr. Spires talked about is exactly 
the problem. There’s not the level of transparency. You get an atti- 
tude that you’re too big to fail, that you just have to go ahead. The 
information that needs to get to leadership to make the right deci- 
sion doesn’t get there, and people, you know, jump off the cliff and 
then and only then discover that there’s a big problem. 

So I do think that FITARA helps us with visibility and trans- 
parency at a much more granular level that should help us avoid 
some of these. 

Mr. Lieu. Thank you, and I yield back. 

Mr. Hurd. Thank you, and I would like to thank the panelists. 
And I have a quick question to each one of you all, same question. 
Mr. Scott, I would like you to start off. What does successful imple- 
mentation of FITARA look like? 

Mr. Scott. I think I mentioned earlier. To me, it’s faster deliv- 
ery. It’s really speed. It’s efficiency of our spend. It’s projects that 
are on time and on budget and meeting the mission that they were 
designed for. They’re secure, and that we have a modern infra- 
structure that those things run on. And if we did those things, I 
think we would declare this a success. 

Mr. Hurd. Ms. Rung. 

Ms. Rung. Congressman, while I appreciate all the kind words 
about the guidance, I know that the hard work begins today. And 
in addition to everything that Tony just articulated, for me, success 
is IT acquisitions comes off the high risk list. 

Mr. Hurd. Mr. Spires. 

Mr. Spires. I would certainly echo those sentiments. I would add 
to it. The CIOs in IT organizations in the Federal Government 
aren’t there but to do anything else but to help ensure that the 
mission and the business of government is done in the agency that 
in which they live, right. 

So what I would add to that is, I would like to see a set of suc- 
cess criteria beyond what was just discussed that also talks about 
how it is that the IT organization is going to partner with the mis- 
sion in order to figure out effectiveness measures so that 3 years 
to 5 years from now, that agency is operating more effectively than 
it is today through the use of information technology or enhanced 
by information technology, 

Mr. Hurd. Mr. Powner. 

Mr. Powner. So before I talk about acquisition. I’d talk to about 
operations because I think success starts with moving, and in my 
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testimony, we have that breakdown on how much we have spend 
on legacy systems versus new development. There’s a lot of savings 
on Data Center Consolidation and PortfolioStat, that’s two of the 
seven provisions in FITARA. 

The first thing we need to do is we need to get out of this ineffi- 
cient spend on legacy and find a way to move that money into the 
modernization bucket, and then success in the modernization buck- 
et is quicker delivery. We talked a lot about processes, and those 
processes will help us get there, but if we don’t move money from 
these old archaic systems to new technologies, we’re not going to 
be successful. And if we don’t ultimately deliver the new tech- 
nologies quicker, that’s not success. 

Mr. Hurd. Excellent. Thank you. I’d like to yield to Mr. Con- 
nolly. 

Mr. Connolly. Thank you. Mr. Chairman, that was a great 
question, and if I were to answer it. I’d say certainly two things. 
One is we can identify billions of savings that currently are ineffi- 
ciently used. That’s a definite metric on whether it’s working or 
not. And secondly, can we get to a culture whereby we don’t treat 
technology as a commodity to be purchased and managed, we see 
it rather as a transformative process that can completely reshape 
how we provide services and manage those services for the citizens 
we serve. 

Mr. Chairman, I just want to, on a personal note, in addition to 
thanking these panelists who have really been partners in the en- 
terprise here, I want to thank two staff members who shepherded 
this legislation through two congresses with two very different 
Members of Congress coming together, nonetheless, and finding 
common ground, working with our Senate colleagues with which — 
a change over there that was not easy, and that’s Rich Beutel, who 
is in the audience today. Thank you. Rich. And he worked on the 
majority staff and worked in a very bipartisan way, under not al- 
ways easy circumstances. That deserves a lot of credit. 

And Ben Rodeside behind me in my staff who partnered with 
Rich also in a bipartisan manner, and there was no trial or tribu- 
lation too difficult for them, and they approached us with a won- 
derful creative spirit, and I am in their debt. 

Mr. Hurd. And as we continue to conduct oversight over the im- 
plementation of FITARA and IT acquisition reform, one of the 
things that the IT and the government ops subcommittees plan on 
doing is issuing regular scorecards and implement a grading sys- 
tem for compliance based on the rules and regulations of FITARA. 

I look forward to working with Ranking Member Kelly, Vice 
Chair Farenthold, Chairman Meadows, Representative Connolly, 
and members of the subcommittee on this issue. And I would like 
to thank our witnesses for taking the time to appear before us 
today. And if there’s no further business, without objection, this 
subcommittees stands adjourned. 

[Whereupon, at 4:10 p.m., the subcommittees were adjourned.] 
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Today, we are going to review GAO’s designation of IT acquisition as “high-risk” and highlight 
how the Federal Information Technology Reform Act (FITARA) can reduce IT acquisition risk. 

GAO has deemed IT acquisition - where we spend over $80 billion annually - “high risk.” 

While FITARA is not a panacea for all IT acquisition problems, it can be a useful tool to 
make real progress in reducing the risk of these large investments. 

We simply caruiot afford to spend over $600 million and then five years later terminate a 
program when it fails to deliver. This is what the VA did in 201 1 when it terminated its 
Financial and Logistics Integrated Technology Enterprise (FLITE) program (an integrated 
financial and logistics solution). 

IT Management and Acquisition has long been a problem for the federal government. 

In October 1994, then-Senator Cohen released a report entitled, Computer Chaos: Billions 
Wasted Buying Federal Computer Systems. The report made findings about the government’s 
acquisition of “computer systems” that ring true today: 

- “The failure of the government to effectively buy needed computer equipment and services 
has wasted billions of dollars.” 

- “Acquisitions of large computer systems are poorly managed and subject to cost overruns 
and schedule slippages.” 

- “Acquiring computers in the government takes significantly longer than developing new 
technology, increasing the likelihood that hardware will be obsolete.” 

Following this report the Clinger-Cohen Act became law. Clinger-Cohen created the agency 
CIO position and made CIOs responsible for assisting agency heads in IT acquisition and 
management. Unfortunately, Clinger-Cohen failed in the implementation effort. And here we 
are again in 201 5 hearing from GAO that IT Acquisition is high risk and in need of reform. 

1 am hopeful that in another twenty years we are not still discussing the same IT acquisition 
issues. I am hopeful that with aggressive implementation and oversight of FITARA, agency 
CIOs will use the enhanced CIO authorities and other tools provided in FITARA. 
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I am hopeful that the agency CIOs will - in partnership with their C-suite agency colleagues - 
fundamentally transform the way the federal government manages and buys IT. 

We cannot afford to be having the same discussion about IT management and acquisition - in 
another twenty years. Our fiscal situation demands that we take advantage of the opportunities 
for cost savings in IT - whether through eliminating duplication, transitioning to the Cloud and 
shared services or ensuring agile development. 

I am particularly interested in how we might define successful FITARA implementation and how 
we best empower the CIO for success. 

I look forward to working with the leadership and members of the IT and Government 
Operations Subcommittees on both sides of the aisle - to continue this oversight on FITARA 
implementation. We have to get it right this time. 

Now I would like to recognize Chairman Meadows for any opening comments. [Mr. Meadows 
is not expected to make an opening statement, but may just echo your opening statement 
comments.] 
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Opening Statement 
Rep. Robin Kelly, Ranking Member 

Hearing on “The Federal Information Technology 
Acquisition Reform Act’s Role in Reducing IT Acquisition Risk” 
Subcommittee on Information Technology 

June 10, 2015 

Thank you, Mr. Chairman, for holding today’s oversight hearing on the implementation 
of the Federal Information Technology Acquisition Reform Act (FITARA), bipartisan legislation 
intended to overhaul the federal government’s approach to managing its information technology 
(IT) resources and save billions of taxpayer dollars. 

1 would like t6 commend Representative Gerry Connolly, the Ranking Member of the 
Government Operations Subcommittee, and co-author of this legislation, for his continued work 
on federal IT issues and reforms. I look forward to working with him and other members of the 
Committee in conducting effective oversight of the implementation of this law across the 
government. 


FITARA includes a number of government-wide reforms for managing IT acquisitions 
and portfolios that will help ensure that the federal government is making wise and efficient 
investments in IT. 

This Committee plays an important oversight role that can increase transparency and 
accountability of agency efforts and help ensure that the law is effectively implemented. 

In February of this year, the Government Accountability Office released its biennial 
High-Risk Report, which added the new high-risk area “Improving the Management of 
Information Technology Acquisitions and Operations.” GAO found that the federal government 
spends billions of dollars on failed or poorly performing IT investments. 

Effective oversight is a key tool in identifying and reducing this kind of wasteful 
spending. Congress has a duty to conduct oversight, as well as an obligation to give agencies the 
tools they need to conduct their own oversight. Agencies need more well-trained acquisition 
personnel to effectively oversee complex systems and to ensure that the government is a smart 
and diligent consumer. FITARA recognizes this need. 



CongrevSS must also ensure that agencies have the resources to hire and retain qualified 
personnel that embrace the added authority and additional responsibilities provided to Chief 
Information Officers by this law. Congress, together vdth the Administration, should pursue 
ways to retain their expertise, train them in the most cutting-edge techniques, and support their 
critical work. 

In April 2015, 0MB released for public comment proposed guidance on how agencies 
are to implement FITARA. Today, after soliciting public feedback and conducting numerous 
outreach sessions with stakeholders and experts, 0MB issued its final guidance to agencies on 
the Management and Oversight of Information Technology Resources. 

I want to thank each of the witnesses for testifying today. I look forward to hearing your 
thoughts on how agency implementation of FITARA can improve the management of federal IT. 

Thank you, Mr. Chairman. 


Contact: Aryele Bradford, Deputy Commimications Director, (202) 226-5 181. 
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Post Hearing Questions for the Record 
Submitted to Mr. David A. Powner 
From Representative Tammy Duckworth 


“The Federal Information Technology Acquisition Reform Act's Role in Reducing IT Acquisition 

Risk” 

June 10, 2015 


1. GAO added “Improving the Management of IT Acquisitions and Operations” to its 
2015 High-Risk List, and has stated that the efficient implementation of FITARA 
requirements will help address the management problems related to IT investments. 
What is the potential impact of FITARA reforms on the management and oversight of 
IT in the federal government? What kind of cost savings could we see? 


When GAO introduced “Improving the Management of IT Acquisitions and Operations” to 
our High-Risk List in February 2015,’ we highlighted several critical information technology 
(IT) initiatives that have the potential to significantly improve the management and oversight 
of federal IT investments and yield substantial cost savings. These initiatives include 
opportunities for greater savings from data center consolidation, the need for agencies to 
deliver capabilities incrementally (e.g,, in 12-month cycles) to reduce investment risk, 
improvements needed in the accuracy and reliability of investment cost and schedule data 
on the IT Dashboard, and the importance of identifying duplicative IT spending and 
achieving cost savings as part of the Office of Management and Budget's (OMB) 
PortfolioStat initiative. 

Recognizing the importance of efforts to improve the government-wide management of IT, in 
December 2014, Congress enacted the Federal Information Technology Acquisition Reform 
provisions (commonly referred to as FITARA) as a part of the Carl Levin and Howard P. 
'Buck' McKeon National Defense Authorization Act for Fiscal Year 2015.^ This law includes 
requirements that agencies^ report to OMB on progress in consolidating federal data centers 
and achieving associated cost savings, and that cost and schedule performance are 
adequately reflected in evaluations of major IT Investments. Pursuant to FITARA, OMB must 
require in the annual IT capital planning guidance that agency chief information officers 
(CIO) certify that IT acquisitions are adequately implementing incremental development. 
Further, the law requires that OMB, in consultation with agency CIOs, implement a process 
to assist agencies in managing their IT portfolios, and that agencies ensure that CIOs have 
a significant role in IT programming and budgeting decisions. 


’GAO, High-Risk Series: An Update, GAO-15-290 (Washington, D.C.: Feb, 11, 2015). 

^Carl Levin and Howard P. 'Buck' McKeon National Defense Authorization Act for Fiscal Year 201 5, Pub. L. No. 113- 
291, division A, title Vill, subtitle D, 128 Stat, 3292. 3438-3450 (Deo, 19, 2014). 


’Unless otherwise noted, the provisions apply to the agendas covered by the Chief Financial Officers Act of 1990, as 
amended. 31 U.S.C. § 901(b). 
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The new IT acquisition reform requirements codified in FITARA, when fully implemented, will 
further assist the federal government in implementing the key initiatives identified in our 
high-risk report. Further, if fully implemented, these initiatives will significantly improve the 
management and oversight of federal IT investments and yield substantial cost savings. For 
example: 

• Data Center Consolidation. In September 2014 we reported that, between fiscal years 
201 1 and 2017, agencies reported planning a total of about $5.3 billion in cost savings 
and avoidances due to the consolidation of federal data centers."' In correspondence 
subsequent to the publication of our report, the Department of Defense’s Office of the 
CIO identified an additional $2,1 billion in savings to be realized beyond fiscal year 2017, 
which increased the total savings across the federal government to about $7.4 billion. 

• Incremental Development. We have previously reported that prior IT expenditures too 
often have produced failed projects — that is, projects with multimillion dollar cost 
overruns and schedule delays measured in years, with questionable mission-related 
achievements.® Agencies have reported that poor-performing projects have often used a 
“big bang" approach — that is, projects that are broadly scoped and aim to deliver 
functionality several years after initiation. One approach to reducing the risks from 
broadly scoped, multiyear projects is to divide investments into smaller parts. By 
following this approach, agencies can potentially increase the likelihood that each project 
will achieve its cost, schedule, and performance goals; obtain additional feedback from 
users, increasing the probability that each successive increment and project will meet 
user needs; and terminate poorly performing investments with fewer sunk costs. 

In 2010, 0MB called for agencies' major investments to deliver functionality every 12 
months and, since 2012, every 6 months. However, in May 2014, we reported that less 
than half of selected investments at five major agencies planned to deliver capabilities in 
12-month cycles,® Accordingly, we recommended that 0MB develop and issue clearer 
guidance on incremental development and that selected agencies update and implement 
their associated policies. Most agencies agreed with our recommendations or had no 
comment. 

• IT Dashboard. To improve transparency in the management of billions of dollars in 
federal IT investments, in June 2009, 0MB established a public website (referred to as 
the IT Dashboard) that provides detailed information on major IT investments at 27 
federal agencies, including ratings of their performance against cost and schedule 
targets.^ The public dissemination of this information is intended to allow OMB; other 
oversight bodies, including Congress; and the general public to hold agencies 
accountable for results and performance. 


"'GAO, Data Center Consolidation: Reporting Can Be Improved to Reflect Substantial Ranned Savings, GAO-14-713 
(Washington, D.C.: Sept. 25, 2014). 

®GAO, OMB and Agencies Need to More Effectively Implement Major Initiatives to Save Billions of Dollars, GAO-1 3- 
796T (Washington, D.C.: July 25, 2013). 

®GAO, Information Technology: Agencies Need to Establish and Implement Incremental Development Policies, GAO- 
14-361 (Washington, D.C.: May 1, 2014). 

^GAO, IT Dashboard: Agencies Are Managing Investment Risk, but Related Ratings Need to Be More Accurate and 
Available, GAO-14-64 (Washington, D.C.: Dec. 12, 2013). 
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Although the accuracy of Dashboard cost and schedule data has improved over time,® in 
December 2013, we reported that agencies had removed major investments from the 
site, representing a troubling trend toward decreased transparency,® For example, 
several of the Department of Energy’s supercomputer investments had been classified 
as facilities, rather than IT, thus removing those investments from the Dashboard, and 
OMB staff stated that they had no control over such decisions. Further reducing 
transparency, OMB does not update the public version of the Dashboard as it and the 
agencies work to assist in the formulation of the President's annual budget request. Over 
the past several years, we have made over 20 recommendations to help improve the 
accuracy and reliability of the information on the IT Dashboard and to increase its 
availability. 

• PortfolioStat. To better manage existing IT systems, OMB launched the PortfolioStat 
initiative, which requires agencies to conduct an annual, agency-wide IT portfolio review 
to, among other things, reduce commodity IT'° spending and demonstrate how their IT 
investments align with the agency’s mission and business functions. In November 201 3, 
we reported that, agencies continued to identify duplicative spending as part of 
PortfolioStat and that this initiative had the potential to save at least $5.8 billion through 
fiscal year 2015; however, weaknesses existed in agencies’ implementation of the 
initiative, such as limitations in the CIOs’ authority,” We made more than 60 
recommendations to improve OMB's and agencies’ implementation of PortfolioStat. 

OMB partially agreed with our recommendations, and responses from 21 of the agencies 
varied. 

More recently, in April 2015, we reported that agencies decreased their planned 
PortfolioStat savings to approximately $2 billion — a 68 percent reduction from the 
amount they reported to us in 201 3.'^ Additionally, although agencies also reported 
having achieved approximately $1,1 billion in PortfolioStat-related savings, 
inconsistencies in OMB’s and agencies’ reporting make it difficult to reliably measure 
progress in achieving savings. Among other things, we made recommendations to OMB 
aimed at improving the reporting of achieved savings and OMB agreed with the 
recommendations. 


®GAO, IT Dashboard: Accuracy Has Improved, and Additional Efforts Are Under Way to Better Inform Decision 
Making, GAO-1 2-210 (Washington, D.C.: Nov. 7, 2011). 

®GAO-14-64. 

’“According to OMB, commodity IT includes services such as IT infrastructure (data centers, networks, desktop 
computers and mobile devices); enterprise IT systems (e-mail, collaboration tools, identity and access management, 
security, and web infrastructure); and business systems (finance, human resources, and other administrative 
functions). 

”gaO, Information Technology: Additional OMB and Agency Actions Are Needed to Achieve Portfolio Savings, 
GAO-14-65 (Washington, D.C.: Nov. 6, 2013). 

’“GAO, Information Technology: Additional OMB and Agency Actions Needed to Ensure Portfolio Savings Are 
Realized and Effectively Tracked, GAO-15-296 (Washington, D.C.: Apr. 16, 2015), 
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2. In One objective of the guidance on FiTARA issued today is to strengthen agencies 
ability to align IT resources with agency missions, goals, programmatic priorities and 
statutory requirements. Can you provide an example of agency management 
practices in which IT resources are not aligned with agency missions or goals? 

OMB’s implementation guidance for FITARA states that one of the guidance’s objectives is 
to assist agencies in establishing management practices that align IT resources with agency 
missions, goals, programmatic priorities, and statutory requirements.''^ Over the past several 
years, we have repeatedly reported on and made recommendations to agencies to improve 
their IT governance and management practices. For example. 

• We recently reported on the Department of Agriculture's cancellation of key systems 
modernization program after the initiative experienced significant cost overruns and 
schedule delays, deferred the majority of the envisioned features, skipped key tests, and 
deployed software in April 2013 that was slow and inaccurate.” The program’s cost 
estimates also grew from $330 million to $659 million and time frames were delayed 
from early 2014 to late 2016, Among other things, we recommended that the department 
establish and implement a plan for adopting recognized IT management best practices, 

• We also recently found that the Department of Homeland Security’s U.S. Citizenship and 
immigration Services’ (USCIS) currently expects that its Transformation Program will 
cost up to $3.1 billion and be fully deployed no later than March 2019, which is an 
increase of approximately $1 billion and delay of over 4 years from its initial July 201 1 
baseline,''® Changes in the investment’s acquisition strategy to address various technical 
challenges have significantly delayed the program’s planned schedule, which in turn has 
had adverse effects on when USCIS expects to achieve cost savings, operational 
efficiencies, and other benefits. While the program’s two key governance bodies have 
taken actions aligned with leading IT management practices, neither has used reliable 
information to make decisions and inform external reporting. We made 
recommendations to the department to improve the governance and oversight of the 
transformation program. 

Further, in our high risk report, we noted that while there have been numerous executive 
branch initiatives aimed at addressing issues such as those described above, 
implementation of the initiatives across the federal government has been inconsistent.” As 
a result, over the past 5 years, we have reported numerous times on shortcomings with IT 
acquisitions and operations, and through December 2014, had made about 737 related 
recommendations, 361 of which were to OMB and agencies to improve the implementation 
of the recent initiatives and other government-wide, cross-cutting efforts; as of January 
2015, about 23 percent of the 737 recommendations had been fully implemented. 


”OMB, Management and Oversight of Federal Information Technology, Memorandum M-15-14 (Washington, D.C.; 
June 10,2015). 

”GA0, Farm Program Modernization: Farm Service Agency Needs to Demonstrate the Capacity to Manage IT 
Initiatives, GAO-15-506 (Washington, D.C.; June 18, 2015). 

”GA0, Immigration Benefits System: Better Informed Decision Making Needed on Transformation Program, GAO- 
15-415 (Washington, D.C.; May 18, 2015. 

''®GAO-1 5-290. 
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Statement for the Record 

by the Project On Government Oversight, June 16, 2015, 
for the House Committee on Oversight and Government Reform 
Subcommittee on Information Technology and 
Subcommittee on Government Operations Hearing on 

“The Federal Information Technology Reform Act’s Role in Reducing IT Acquisition Risk” 

The federal government spends $80 billion on information technology investments and products 
every year.’ Congress recently passed the bipartisan Federal Information Technology 
Acquisition Reform Act (FITARA) as part of the FY 2015 National Defense Authorization Act 
to comprehensively reform and improve federal IT spending. The Act is meant to strengthen the 
role of each agency’s Chief Information Officer (CIO), an executive responsible for all IT 
systems in the agency, as well as to increase transparency on how IT funds are spent. FITARA 
was designed to apply to all agencies, yet the Energy Department’s National Laboratories are 
seeking an official exemption from the requirements.^ POGO supports the goals of FITARA and 
opposes exempting the Department of Energy’s National Laboratories. 

Industry experts estimate that 25 percent, or $20 billion, of the $80 billion spent on IT annually 
is misused or wasted on duplicative projects and could be eliminated by “reducing IT overhead, 
consolidating data centers, eliminating redundant networks, and standardizing applications.” For 
example, agency managers have estimated that approximately 47 percent of IT budgets are used 
to maintain archaic platforms.'* 

The FY 2016 Senate Energy and Water Development Appropriations Bill includes a provision 
that would exempt the Energy Department’s 17 national laboratories from key requirements of 
FITARA and that bill’s predecessor, the Clinger Cohen Act of 1 996.* We believe that the 


' House Committee on Oversight and Government Reform, House Report to Accompany H.R. 1232 Federal 
Information Technology Acquisition Reform Act. http://wunv.gpo,gov/fdsys/E>kg/CRPT-l l_3h^p^3 59/html/CRP■X- 
^13hrpt359.htm (Downloaded June 15, 2015) (Hereinafter House Report to Accompany H.R. 1232) 

^ Lydia Dennett, “Energy Dept. Labs Seek Exemption from IT Oversight,” Project On Government Oversight, May 
27, 2015. http://\v’ww.pogo.org/bIog/2015/05/energv-dept-labs-seek-e.Kemption-frQm-it-oversight.htmi 
^ House Report to Accompany H.R. 1232; Technology CEO Council, One Trillion Reasons: How Commercial Best 
Practices to Maximize Productivity Can Save Taxpayer Money and Enhance Government Services, p. 4. 
http://www.techceocouncil.org,'clientuploads.^reports/TCC One Trillion Reasons FINAL.pdf (Downloaded June 


15, 2015) 

Michael Hardy, “House passes FITARA,” Federal Times, February 25, 2014. 
httD://archive.federaltimes.com/article/20!40225/AC(X)2/302250009.T{ouse-passes-FiTARA (Downloaded June 15, 

2015) 

^ 1 14'^ U.S. Congress, “Energy and Water Development and Related Agencies Appropriations Act, 2016” (H.R. 
2028), Introduced April 24, 2015, by Repre.sentative Michael Simpson, p. 1 19. 

http://www.appropriations.senate.gov/sites/default/riles/'hear{ngS/'FY2l06%20Energv%20and%20Water%20Develo 
pment%2QBill%20BILLS-l 14hr2028rs.pdf (Dowmloaded June 15,2015) 
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national laboratories and the super-computing industry have lobbied for this provision to try to 
circumvent key oversight reforms at the expense of taxpayers. 

The Energy Department initially fought , for a blanket exemption from FITARA requirements, 
and an amendment to that effect was added to the FY 2016 Energy and Water Development 
Appropriations Bill by Senator Lamar Alexander (R-TN). Oak Ridge National Laboratory is 
located in Senator Alexander’s home state of Tennessee. It was Senator Tom Udall (D-NM) who 
requested the language be changed in committee to exempt only the national labs. Senator 
Udall’s home state of New Mexico is also the home of two of the biggest national labs: Los 
Alamos National Laboratory and Sandia National Laboratory. Federal Computer Week recently 
reported that “the hope in Udall's office is that something will be worked out administratively 
that is satisfactory to 0MB, congressional backers of FITARA and the labs, without the need for 
legislation.” 

For over a decade POGO has worked on investigating waste, fraud, and abuse at the Department 
of Energy’s national labs, highlighting how the Department’s weak contractor oversight has led 
to hundreds of thousands of wasted taxpayer dollars, as well as dangerous security 
vulnerabilities.^ POGO believes that the exemption to completely exclude these labs from 
FITARA is unnecessary, particularly given exemptions already available to national security 
programs. The Energy Department’s labs claim that their work on many national security 
missions, such as maintaining the nuclear deterrent and developing models to simulate nuclear 
reactor cores, is beyond the scope of the CIO’s expertise. It is worth noting that the Department’s 
programs that are classified as national security systems are already exempted from FITARA, 
making the claim meaningless. The Office of Management and Budget’s guidelines for the law’s 
implementation further clarify that direct involvement by the CIO is not necessarily required and 
that “each agency should establish appropriate processes that work in its environment.”’ 

One of the main intents of FITARA is to ensure that the agency CIO position has the authority 
and prestige to attract applicants with the required subject-matter expertise. In this case, the 
Department’s current CIO, Michael Johnson, has over 25 years of management experience, 
including working on national security systems as a senior scientist at Sandia National 
Laboratory.* Exempting the national labs from the law would only serve to make the Energy 
Department’s CIO position unattractive to talented individuals — the exact opposite of one of the 
intended goals of the law. 

But the CIO’s increased involvement is not the Energy Department’s only concern. The 
Department’s labs widely distributed talking points pushing for the exemption, stating that “there 
is already an extensive review and approval process” for purchasing IT systems. This statement 


Lydia Dennett, “DOE Contracting Mismanagement Cost Taxpayers Over $450,000,” Project On Government 
Oversight, June 21, 2013. hItp://\v\vw,pogQ.org/blog/20 13/06.^20 1 3062 l-doe-contracting-mismanagement-cost- 
ta.x payers-over-450K.html : Peter Stockton and Lydia Dennett, “Where's the Oversight at Nuclear Labs? Hands-Off 
Approach Is Recipe for Disaster,” The Huffington Post, August 10, 2012. http:/.iw\s'w.huffmgtonpo.st.coni/'Droiect- 
on-govemment-oversight/wheres-the-oversieht-at-n b I764577.html (Downloaded June 15, 2015) 

’ Office of Management and Budget, “Management and Oversight of Federal Infonnation Technology,” 
htlps://managemenl.cio.gov/ (Downloaded June 15, 2015) 

* Department of Energy, “Michael M, Johnson— Chief Information Officer,” 
hltp:,7'energY.gov/cio/conlributor.s/michael-m-iohnson (Downloaded June 15, 2015) 
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is almost laughable considering the Department’s long and well-documented history of over- 
paying for IT systems. 

The Energy Department’s Inspector General (IG) has been concerned about the agency’s IT 
acquisition since 2006: an audit in that year found that the Department unnecessarily spent over 
$4 million “by underutilizing existing software agreements or purchasing software at higher 
prices, and acquiring unneeded licenses.”’ In 2007, the IG found additional overspending on IT 
and recommended a Department-wide approach to IT hardware acquisition and management.'® 
Seven years later, the Department was still wasting millions of dollars on unnecessary IT 
equipment; a series of Energy Department Inspector General reports from 2014 found even more 
examples of waste and mismanagement; 

• The Department was failing to follow guidelines established by the Office of 
Management and Budget for major IT investments. ' ' 

• A review of ten Energy Department locations found that the Department “spent over 
$325,000 to support mobile devices that were not used the entire time they were activated 
in FY 2012.”'^ 

• Another report found that the Department paid widely different prices for software 
licenses, in several instances hundreds of dollars more than established government-wide 
acquisition prices.'® 

At the end of 2014 the IG released a report detailing the findings of a review of the IT spending 
at eight Energy Department sites, several of them national laboratories. The IG determined that 
the Department spent almost $2 million more than necessary in FY 2012 at those eight sites 
alone. Several of the laboratories were responsible for this overspending: 

• Lawrence Berkley National Laboratory unnecessarily paid over $261,000 for nonstandard 
desktops and laptops in 2012. 

• Lawrence Livermore National Laboratory spent nearly $ 1 .3 million on non-standard 
purchases in 2012. 

• Oak Ridge National Laboratory deviated from standard IT prices 80 percent of the time. 


’ Department of Energy, Office of Inspector General, Audit Report: Management of the Department's Desktop 
Computer Software Enterprise License Agreements, January 2005, p. 5. 

http:/;energv.gov/.siles/prod/files/igprod;'(locument.s/CalendarYear2006/lG-07l8.ndf mr)wnlnartnH Tune 15,2015) 
Department of Energy, Office of Inspector General, Facility Contractor Acquisition and Management of 
Information Technology Hardware, June 2007. hltp://enerev.gov/sites/Drod/files/innrod/documents/lG-076S.ndf 
(Downloaded June 15, 2015) 

‘ Department of Energy, Office of inspector General, Special Report: Office of Energy Efficiency and Renewable 
Energy's Integrated Resource and Information System, April 2014. 

ilM; //gnergv.go\7sites/prod/fiies/20i4/04/fl4/DOE-lG-0905.pdf fnown]oarfRH .Time 15, 2015) 

Department of Energy, Office of Inspector General, Audit Report: The Department of Energy's Management and 
Use of Mobile Computing Devices and Services, April 2014, p. 1. 

M tp://energv.gpy7sjtes/prQd/nies/2014/04/fl5/POE-IG-Q908.pdf fnnwn1n;^rip,d June 15, 2015) 

Department of Energy, Office of Inspector General, Audit Report: FoUow-up on the Department of Energy's 
Acquisition and Maintenance, of Software Licenses, September 2014. 

,h,t.tp:// energv,goy/sites/prod/files/20 1 4/ lO/fl 8/DOE-lG-092Q.r>df mnwnlnaHeH Tnnp ] 5 , 2015) 
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• In addition to varying prices between different Energy Department sites, the IG found 
that Lawrence Livermore National Laboratory paid three different prices for the same 
desktop throughout 2012 and could have saved over $26,000 with proper management.''' 

The Government Accountability Office (GAO) has also raised concerns about the Energy 
Department’s IT acquisition process. In 2012, the GAO found six potentially duplicative IT 
systems at the Department, totaling S8 million, as well as four miscategorized IT investments, 
three of which were at national laboratories. According to the report, the Energy Department 
acknowledged that one of the reasons for duplicative IT purchases was “a lack of control over 
contractor facilities.”'^ 

A year later the GAO released another report on federal IT spending, this time criticizing several 
agencies, including the Energy Department, for their lack of transparency. Specifically, the 
Department chose to reclassify investments in supercomputers as non-lT spending, despite the 
fact that supercomputers indisputably fall into the definition of IT established by the Clinger 
Cohen Act of 1996. These investments, many of them at the Department’s national laboratories, 
were then removed from the IT Dashboard, a website maintained by the Office of Management 
and Budget to increase transparency and public oversight of major federal IT spending. The 
Energy Department’s spending on supercomputers accounts for almost 25 percent, or $368 
million, of the Department’s total 2012 IT spending,'* 

With such a long history of rampant waste in the Energy Department’s IT acquisition process the 
very last thing the labs should receive is a premature exemption from additional oversight of this 
process. Such an exemption would be particularly troubling because the Energy Department is 
already failing to follow guidelines established by the Offiee of Management and Budget. 

POGO believes that granting the national labs an exemption from this law would institutionalize 
Energy Department noncompliance with Clinger Cohen and FITARA, while setting a dangerous 
precedent for other agencies. The Office of Management and Budget has stated that to carve out 
the Energy Department’s national labs from the requirements of FITARA would be “highly 
problematic.”' ' Furthermore, the Government Aecountability Office, which has long been 
concerned with Department of Energy contract management and the agency's lack of compliance 
with the Clinger Cohen Act, also strongly opposes the broad carve-out sought by the national 


'''Department of Energy, Office of Inspector Audit Report: Follow-up on the Department of Energy's 

Management of Information Technology Hardware- October 2014, 
http://enerev.eov/sites/Drod/file.s/20l4/l l/fl9/lG-0926 I .pdf tDownloariefl Tune 15, 2015) 

Government Accountability Office, Information Technology: Departments of Defense and Energy Need to 
Address Potentially Duplicative Investments, February 2012, p. 18. http://www.gao.gov/assets/590/588656.ndf 
(Downloaded June 15, 2015) 

Government Accountability Office, IT Dashboard: Agencies Are Managing Investment Risk, but Related Ratings 
Need to Be More Accurate and Available, December 2013. httD://www.gao.gov/asset.s/660/659666.ndf (Downloaded 
June 15, 2015) 

” Letter from Shaun Donovan, Director of the Office of Management and Budget, to the Honorable Thad Cochran, 
Chairman of the Senate Committee on Appropriations, about the FY16 Energy and Water Development 
Appropriations Bill, June 2, 2015. htIps://www-whitehouse.gov,tsites/default/Fi[es/omb/iegislative/letters/senate- 
energy-water-developmenl-approDrialions-letter.pdf (Downloaded June 1 5, 20 1 5) 
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labs and super-computing industry.'* Granting the labs an exemption from FITARA completely 
undermines the intent of the law — government-wide IT acquisition reform that strengthens 
management, oversight, and transparency into IT investment performance. 


'*“061015 - FITARA’s Role in Reducing IT Acquisition Risk,’’ June 10, 2015, video clip, accessed June 15,2015, 
Y ouT ube. htlDs://www.voutobecom;'watch?v=wVGBRmpWTs (Downloaded June 15,2015) 
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